The Massive Attack on Android Users Finally Stopped


The major attack, which affected more than 318,000 users, has finally been brought to a halt. Interestingly, only Russian users were targeted, namely those who had set Russian as the default UI (user interface) language on their mobile devices. The culprit was the Svpeng Android banking trojan, which exploited a vulnerability in the Google Chrome browser on mobile devices.

The exploited bug concerned the way Chrome handled downloads. The Svpeng trojan was spread through Russian websites such as RT (Russia Today) and the Meduza news portals, among others. These sites were serving injected JavaScript; to be more precise, it was the Google AdSense advertisements that had been injected with the malicious JS. The malicious code running on the sites automatically clicked the infected advertisements, and thus the trojan's payload was downloaded to the victims' mobile devices.

The Svpeng installer was delivered under the following file names (the .apk extension denotes an Android app package):

2GIS.apk
AndroidHDSpeedUp.apk
Android_3D_Accelerate.apk
Android_update_6.apk
Asphalt_7_Heat.apk
CHEAT.apk
Chrome_update.apk
Cut_the_Rope_2.apk
DrugVokrug.apk
Google_Play.apk
Instagram.apk
Mobogenie.apk
Root_Uninstaller.apk
Skype.apk
SpeedBoosterAndr6.0.apk
Temple_Run.apk
Trial_Xtreme.apk
VKontakte.apk
Viber.apk
WEB-HD-VIDEO-Player.apk
WhatsApp.apk
last-browser-update.apk
minecraftPE.apk
new-android-browser.apk
Установка.apk

It is important to mention that the number of victimized users may be lower, because a downloaded APK file had to be opened before the trojan could run on the system.
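For defenders, the file names listed above can be used to hunt through web proxy or download logs. The following Python is an added example, not code from Kaspersky Lab or the cited sources; the `timestamp client url` log format, the sample lines and the handling of duplicate-download suffixes are assumptions.

```python
import re
import unicodedata
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# File names from the article's list, without the ".apk" extension.
LURE_NAMES = """2GIS AndroidHDSpeedUp Android_3D_Accelerate Android_update_6
Asphalt_7_Heat CHEAT Chrome_update Cut_the_Rope_2 DrugVokrug Google_Play
Instagram Mobogenie Root_Uninstaller Skype SpeedBoosterAndr6.0 Temple_Run
Trial_Xtreme VKontakte Viber WEB-HD-VIDEO-Player WhatsApp last-browser-update
minecraftPE new-android-browser Установка""".split()

def _norm(name):
    # NFC + casefold so percent-decoded Cyrillic and mixed case compare equal.
    return unicodedata.normalize("NFC", name).casefold()

LURES = {_norm(n): n for n in LURE_NAMES}
# Assumption: a repeated download may be saved as "name (1).apk" or "name-1.apk".
_DUP = re.compile(r"(?:\s*\(\d+\)|-\d+)$")

def lure_from_url(url):
    """Return the listed name matched by a URL's or path's file name, else None."""
    base = unquote(urlsplit(url).path).rsplit("/", 1)[-1]
    stem, dot, ext = base.rpartition(".")
    if not dot or ext.casefold() != "apk":
        return None
    return LURES.get(_norm(_DUP.sub("", stem)))

def scan(lines):
    """Map client -> sorted listed names, from 'timestamp client url' lines."""
    hits = defaultdict(set)
    for line in lines:
        parts = line.split()
        if len(parts) == 3 and (name := lure_from_url(parts[2])):
            hits[parts[1]].add(name)
    return {client: sorted(names) for client, names in hits.items()}

# Constructed sample log (documentation addresses, invented host name).
SAMPLE_LOG = [
    "2000-01-01T10:00:01Z 192.0.2.5 http://cdn.example.test/dl/WhatsApp.apk",
    "2000-01-01T10:00:09Z 192.0.2.5 http://cdn.example.test/dl/"
    "%D0%A3%D1%81%D1%82%D0%B0%D0%BD%D0%BE%D0%B2%D0%BA%D0%B0.apk?x=1",
    "2000-01-01T10:01:00Z 192.0.2.7 http://cdn.example.test/CHROME_UPDATE%20(1).APK",
    "2000-01-01T10:02:00Z 192.0.2.8 http://cdn.example.test/dl/notes.apk",
    "2000-01-01T10:03:00Z 192.0.2.8 http://cdn.example.test/WhatsApp.apk.html",
]

if __name__ == "__main__":
    for client, names in scan(SAMPLE_LOG).items():
        print(client, names)
```

A match means only that a file with one of these names was fetched; as noted above, the APK still had to be opened for the trojan to run, and legitimate apps can share these names.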

Security researchers from Kaspersky Lab stopped the attack from spreading further. They notified Google about the vulnerability, and Google released a Chrome update for Android devices. The update addresses the browser's auto-downloading behavior on Android phones, so the Svpeng trojan can no longer carry out this attack. The onslaught lasted from August to November, around three months.

Sources: bleepingcomputer.com, securelist.com.

 
 
 
