Google AdSense malware silently delivers to Android users

Google AdSense malware has been silently delivered to Android devices, but the danger seems to be mitigated by Google itself.

Researchers have found a new variant of an old Trojan being silently delivered to Android devices via the Google AdSense network, but Google's protections should be keeping users safe.

New research from Kaspersky Lab identified a variant of the Svpeng mobile banking Trojan being delivered to Android devices without any user interaction necessary.

Mikhail Kuzin and Nikita Buchka, malware analysts for Kaspersky Lab, based in Moscow, described the finding in a blog post.

"There you are, minding your own business, reading the news and BOOM! -- no additional clicks or following links required. It turns out the malicious program is downloaded via the Google AdSense advertising network ... anyone can register their ad on this network -- they just need to pay a fee. And it seems that didn't deter the authors of the Svpeng Trojan from pushing their creation via AdSense. The Trojan is downloaded as soon as a page with the advert is visited."

The Svpeng banking Trojan was first discovered in mid-2014. Kuzin and Buchka wrote it "can steal information about the user's bank cards via phishing windows, [as well as] intercept, delete and send text messages," and it "collects an impressive amount of information from the user's phone -- the call history, text and multimedia messages, browser bookmarks and contacts."

Although the Trojan app is silently delivered to Android devices, it cannot perform any of these functions without being installed. This means a user would have to find the downloaded app, install it, turn off Android's standard protections against installing apps from unknown sources, and finally bypass Google's Verify Apps protections, which warn users when they are potentially installing malware.

Buchka described the deception techniques, but said Google's Android security measures have started blocking the AdSense malware.

"The malicious .apk was downloading without [a] user's actions. But the user had to give the permission on the installation. Fraudsters were using file names such as 'last-browser-update' [and] 'important-browser-update' to deceive the unsuspecting user and force him to install malicious .apk. The duped user allowed installation, thinking that it was a critical update," Buchka told SearchSecurity. "At the time of research, Google's Verify Apps protections [were] not detecting this application as potentially dangerous, but now Google's protection stops it."                                                                                       

Join the conversation

What do you think of Android's protections for stopping Trojans like this Google AdSense malware?
They’re currently more than adequate. If someone has to go through all of those steps to install the malware, then they most likely know what they are doing in the first place. However, it’s not so far off to think that, in the near future, malware won’t require any user interaction to be effective.
You might be surprised how many people install a .apk file, turn off Android's standard protections against installing apps from unknown sources, and finally bypass Google's Verify Apps protections. There are many uTest projects in which the mobile app is installed like that.