SafeUM

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
11 Nov 2016

New trojan infects Android devices from Google AdSense

If you don’t go to suspicious sites, malware can’t get you — right? Well, no. Unfortunately, even those who do not open unreliable e-mail attachments, avoid porn sites, and do not install apps from unofficial stores are not well-enough protected.

New developments suggest that malware can be found even on an absolutely legitimate site, as 318,000 Android users found out when their devices were attacked by the Svpeng.q banking Trojan from Google AdSense advertisements.

Google AdSense is the biggest ad network in the world, so a lot of criminals dream about finding a way to use the network to spread their malicious programs worldwide. The creators of Svpeng.q managed to do it. Banners posted by criminals launched automatic downloads of the Svpeng.q installation package with the help of an obfuscated script. Usually, the Chrome browser warns users when a potentially dangerous file is downloaded, so the criminals used a special function to make the device download the Trojan in parts, and it slipped through unnoticed.

The script was set up to act only when it was launched on devices with a touch screen and only on the Chrome browser. That’s how criminals narrowed the target audience to users of Android tablets and smartphones — because the Svpeng.q Trojan was written for Android.

You can read more about Svpeng.q in the detailed report published on Securelist. Long story short, it’s not that different from other banking Trojans; its main function is to overlay the interfaces of mobile banking apps with fake ones, copy credit card data, and send the data to criminals. They in turn use it to steal victims’ money. We reported our findings to Google, and developers made a patch that fixed the hole in Google Chrome that let the Trojan bypass the security notification.

It’s noteworthy that if you download Svpeng, you won’t get infected immediately. You need to install it, and so the Trojan does its best to deceive: For example, the installation file may have a name like Android_update_6.apk or Instagram.apk, among others. This tactic seems to work well for cybercriminals.
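A download-triage check built around the naming trick described above, as an added example that is not code from the article or from Kaspersky. The lure patterns are assumptions derived from the two file names the article cites, and the sample archives are constructed in memory.

```python
import io
import re
import zipfile

# Assumed lure patterns, modelled on Android_update_6.apk and Instagram.apk
# from the article; the extra brand names are illustrative only.
LURE_PATTERNS = [
    re.compile(r"(android|system|security|chrome)[ _-]*update", re.I),
    re.compile(r"^(instagram|whatsapp|facebook)([ _-]*\d+)?$", re.I),
]

def is_apk(data):
    """True if the bytes are a ZIP archive that carries an Android manifest."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return "AndroidManifest.xml" in zf.namelist()

def triage(filename, data):
    """Return the reasons a downloaded file deserves a second look."""
    stem, dot, ext = filename.rpartition(".")
    if not dot:                      # no extension at all
        stem, ext = filename, ""
    if not is_apk(data):             # judge by content, not by file name
        return []
    reasons = []
    if ext.lower() != "apk":
        reasons.append("APK content behind a non-.apk extension")
    if any(p.search(stem) for p in LURE_PATTERNS):
        reasons.append("installer name imitates an update or a well-known app")
    return reasons

def build_sample(entries):
    """Build a constructed ZIP archive with placeholder members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in entries:
            zf.writestr(name, b"constructed placeholder")
    return buf.getvalue()

# Constructed samples: a minimal APK-shaped archive and an ordinary ZIP.
FAKE_APK = build_sample(["AndroidManifest.xml", "classes.dex"])
PLAIN_ZIP = build_sample(["notes.txt"])

if __name__ == "__main__":
    for name, blob in [("Android_update_6.apk", FAKE_APK),
                       ("invoice.pdf", FAKE_APK),
                       ("photos.zip", PLAIN_ZIP)]:
        print(name, "->", triage(name, blob) or "no findings")
```

A name match is only a hint: a genuine system update never arrives as a loose .apk in the downloads folder, so any hit here should be deleted rather than installed.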

How to protect yourself from Trojans hiding in ads

Even legitimate sites can unwittingly put you at risk. To protect yourself, follow these guidelines:

1. Never open files if you are not sure how they got to your device. Just because a file is called android_update.apk doesn’t mean that it contains a system update. You can find out if the system has a legitimate update by checking Device Information under Settings.

2. Don’t allow the installation of apps from third-party stores. Every Android gadget includes this setting. That way, even if you mistakenly approve installation of such a pseudo-update, the system will stop it.

3. Install real updates as they become available. In addition, update Google Chrome on all of your Android devices as soon as it’s possible. Updating is quick, and it could save you time, hassle, and even money.

4. Use antivirus protection on all devices. In cases like this one, a real-time security solution can protect the user — unlike an on-demand antivirus scanner, which must be launched manually. Svpeng knows how to “kill” the processes of popular security solutions, so the scanners just won’t launch.

Tags: Android Google trojan information leaks
Source: Kaspersky Daily
Author: John Snow