- Oct 23, 2012
- 12,527
The criminal gang behind the Svpeng Android banking trojan has come up with a distribution method that doesn't rely on users clicking or interacting with anything on a site to deliver their payload on the victims' devices.
We reported for the first time about Android malware that doesn't need any user interaction in April 2016, when the Cyber.Police (also known as Dogspectus) ransomware used malvertising to deliver its payload on Android handsets.
Svpeng adopts no-click distribution method
According to Kaspersky Lab, it appears that another major Android malware family called Svpeng has integrated this distribution method as well.
The company's revealed today they've detected two separate instances of 100% clean and legitimate websites force-feeding the Svpeng banking trojans to their users in the form of an automatically downloaded file called "last-browser-update.apk."
We reported for the first time about Android malware that doesn't need any user interaction in April 2016, when the Cyber.Police (also known as Dogspectus) ransomware used malvertising to deliver its payload on Android handsets.
Svpeng adopts no-click distribution method
According to Kaspersky Lab, it appears that another major Android malware family called Svpeng has integrated this distribution method as well.
The company's revealed today they've detected two separate instances of 100% clean and legitimate websites force-feeding the Svpeng banking trojans to their users in the form of an automatically downloaded file called "last-browser-update.apk."
The two portals are Russia Today (RT) and the Meduza news portal, and the thing they had in common was the usage of Google's AdSense platform to deliver ads on their sites.
Crooks delivered Svpeng via Google AdSense malicious ads
Researchers claim that crooks were buying ad slots on these platforms in order to show malicious ads that forced the users' phones to download the malicious APK files.
If users were careless enough to launch the APK, they would get infected with a dangerous banking trojan that would collect information about their device, and then show phishing screens in order to gather information about banking and social media accounts, which it would later upload online.
Both news portals have cleaned out their websites of the malicious ads, and Meduza has even gone a step further and dropped AdSense altogether.
With the overall user security awareness going up, crooks are finding it harder and harder to trick users into downloading and installing malicious APKs from shady-looking websites. This is why APKs force-fed via malvertising campaigns will become one of the top distribution vectors for Android malware in the future.