Specialists from Kaspersky Lab have recently found a modification of the mobile banking Trojan Svpeng, the secret of Google display network Google AdSense. From mid-July Svpeng was discovered on Android devices is approximately 318 000 users, while the highest rate of infection was 37 000 victims a day. The attackers, whose aim was to steal information on Bank cards and personal data such as contacts and call history, used the error in the Google Chrome browser for Android. As Google has already removed the gap, “Kaspersky Lab” can reveal full details about the attack.
the First known case of the attack of the Trojan Svpeng took place in mid-July, and referred to Federation-the website of the information Agency. During the attack of trojan ukradkowo to download on Android devices belonging to people visiting this website.
Analyzing the process of the attack, the researchers from the “Kaspersky Lab” found that the campaign started with an infected ad network Google AdSense. Trojan was loaded only when the user visited the site with the created is through the Chrome browser on your Android device. Svpeng he posed as a COP by not very important update for the browser or a popular app to trick you to agree to the installation. Once the malicious software has disappeared from the list of installed applications and user’s request on granting him admin rights on the device. Such actions had the objective difficulty of detecting malicious software.
Cybercriminals have found a way to circumvent some of the key security features of Google Chrome browser for Android. Under normal conditions, when the APK file (Android app) installed on a mobile device using an external link to WWW, the browser displays a warning about the detection of potentially dangerous object. The creators of the Trojan Svpeng was discovered and used vulnerability that allowed you to download APK files without notifying users. Once you have identified the error, the specialists of “Kaspersky Lab” immediately stated the problem to Google, which quickly prepared an update of the browser to remove the vulnerability.
“Case of the Trojan Svpeng once again confirms the importance of cooperation between the companies. Our common goal is to protect users from cyberatakami, so it is very important that we together work towards achieving it. We are pleased to be able to contribute to improving the security of the Android platform, and thanks Google for a quick response to the error. We encourage Android users to avoid downloading apps from untrusted sources, and stared permits, which are required for the software added to the device,” – said Nikita Ul, malware analyst, Kaspersky Lab.
“Kaspersky’s Laboratory” recommends to users of devices with Android as soon as possible updated Google Chrome to the latest version.
the Purpose of a mobile banking Trojan Svpeng steal information on Bank cards. This malware also collects your call history, text messages, multimedia messages, browser bookmarks, and contacts. Svpeng attack in the mainly Russian-speaking countries, but has the potential for global distribution. Given the special nature of distribution of the pest under threat are millions of web sites around the world using the platform AdSense to display ads on mobile devices.
the Products “Kaspersky Lab” are finding this version of the Trojan Svpeng as Trojan-Banker.AndroidOS.Svpeng.q.
the technical Details of the Trojan are on the website https://kas.pr/iz4t.
source: “Kaspersky Lab”
Kan
No comments:
Post a Comment