CONSTANT SECURITY WATCHDOG Kaspersky Lab has once again shaken us with its talk of Android users and the vulnerabilities they face.
Ever vigilant Kaspersky has uncovered a banking trojan that is making itself available via Google AdSense and forces itself on users with no interaction like a smack in the face.
“This morning we encountered a gratuitous act of violence against Android users.
By simply viewing their favourite news sites over their morning coffee users can end up downloading last-browser-update.apk, a banking trojan detected by Kaspersky Lab solutions as Trojan-Banker.AndroidOS.Svpeng.q,” said the Kaspersky researchers in a blog post.
“It turns out the malicious program is downloaded via the Google AdSense advertising network.
Be warned, lots of sites use this network – not just news sites – to display targeted advertising to users.
Site owners are happy to place advertising like this because they earn money every time a user clicks on it.
“But anyone can register their ad on this network – they just need to pay a fee.
And it seems that didn’t deter the authors of the Svpeng trojan from pushing their creation via AdSense.
The trojan is downloaded as soon as a page with the advert is visited.”
These kind of attacks are not new, and Kaspersky blurted out an alert about an incident at the Meduza news portal in July which has since been fixed.
“The Svpeng family of banking trojans has long been known to Kaspersky Lab and possesses a standard set of malicious functions.
After being installed and launched, it disappears from the list of installed apps and requests the device’s admin rights,” the post continued.
“Svpeng can steal information about the user’s bank cards via phishing windows, intercept, delete and send text messages (this is necessary for attacks on remote banking systems that use SMS as a transport layer) and counteract mobile security solutions that are popular in Russia by completing their processes.
“In addition, Svpeng collects an impressive amount of information from the user’s phone: the call history, text and multimedia messages, browser bookmarks and contacts.” µ