Security researchers have recently discovered a new strain of malware targeting Google's Android operating system, which spreads itself through Google's advertising network, AdSense.
Mikhail Kuzin and Nikita Buchka of Kaspersky Solutions found the banking Trojan, which was dubbed "Trojan-Banker.AndroidOS.Svpeng.q." The malware is out to steal banking and other financial information from innocent people on the internet, by means of phishing or other related methods. It also has the ability to read and delete text messages sent by banks to their clients.
The malware can be contracted via AdSense, Google's own advertising network. This is alarming because millions of websites, from news sites to the smallest blogs, use the network to monetize their content. Moreover, Svpeng is downloaded automatically as soon as the page with the advertisement is visited.
The Kaspersky researchers found the malware on state-owned news company Russia Today (RT), as well as the Meduza news portal. In light of the discovery, the latter has already disabled AdSense advertising on its pages. Svpeng disguises itself as a browser update, as shown in the screenshot, to trick users into thinking that the download is safe.
Once installed, the malware disappears from the list of installed apps and then requests administrator rights. This privilege makes it harder for antivirus software to terminate the malicious program. The researchers stated:
Svpeng can steal information about the user’s bank cards via phishing windows, intercept, delete, and send text messages (this is necessary for attacks on remote banking systems that use SMS as a transport layer). Also, the malware can counteract mobile security solutions that are popular in Russia by completeing [sic] their processes.
Lastly, the malware can reportedly collect personal information such as call history, contacts, text and multimedia messages, as well as browser bookmarks.
While there are circumstances in which we install Android applications from raw .APK files, we strongly advise our readers to be careful with what they download online. Users can also disallow the installation of third-party apps on their devices to avoid getting infected with malicious software in the future.
Source: Kaspersky SecureList via Business Insider | Screenshot via Kaspersky SecureList