The crooks responsible for developing the Svpeng Android banking Trojan have taken a step forward when it comes to malware-spreading techniques. They have adopted a new distribution method that drops their malicious payload on devices without the victims clicking on any ads or interacting with the webpage in any way.
The first case of no-interaction-needed Android malware was detected in April this year. The Cyber.Police ransomware (also known as Dogspectus) started using the malvertising method for its payload distribution.
Now, Kaspersky Lab says that Android devices are still at risk, as the dangerous Svpeng Android banking Trojan has adopted the no-click distribution technique. Kaspersky has spotted two different cases in which reliable and legitimate websites were dropping the Trojan on their visitors' devices. The payload is automatically downloaded as a file called “last-browser-update.apk.”
The two abused sites are the Meduza news portal and Russia Today (RT). The one thing the two cases had in common was the use of Google’s AdSense platform to deliver ads on the websites.
According to researchers, the cyber gang behind Svpeng is purchasing ad slots on Google’s AdSense platform to display its ads. The malicious advertisements force the victim’s device to automatically download the APK files.
If these APK files are launched, the user is infected with the vicious banking Trojan, which can do a lot of damage to its “host”. It is able to gather any information about the device, and it can even show phishing screens in order to collect banking information or social media accounts and then publicly post it online.
Both Meduza and Russia Today have taken measures to remove the dangerous ads from their pages. Meduza has even gone as far as to no longer use the AdSense platform.
With all the warnings and bad examples, users are not that easy to mislead anymore. They are avoiding suspicious sites and are being more careful about what they download and from where. Cybercriminals are finding it harder and harder to trick them. This is the exact reason why malvertising campaigns are constantly evolving and are about to become the crooks’ favorite distribution method.