By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
10alert.com10alert.com
  • Threats
    • WordPress ThreatsDanger
    Threats
    A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general. Cyber threats include…
    Show More
    Top News
    Because Community Created Vulnerabilities Are Community Property
    Because Community Created Vulnerabilities Are Community Property
    3 months ago
    Android App Malware
    8 months ago
    Mobile malware Faketoken impersonates taxi apps
    8 months ago
    Latest News
    Safeguards against firmware signed with stolen MSI keys
    2 days ago
    WPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress Plugin
    2 days ago
    Wordfence Intelligence Weekly WordPress Vulnerability Report (May 15, 2023 to May 21, 2023)
    1 week ago
    Wordfence Firewall Blocks Bizarre Large-Scale XSS Campaign
    1 week ago
  • Fix
    Fix
    Troubleshooting guide you need when errors, bugs or technical glitches might ruin your digital experience.
    Show More
    Top News
    Keylogger found on 5500 sites running WordPress
    Keylogger found on 5500 sites running WordPress
    8 months ago
    Windows 11 build 22622.575 (KB5016694) releases in the Beta Channel
    8 months ago
    How to create restore point on Windows 11
    8 months ago
    Latest News
    How automatically delete unused files from my Downloads folder?
    4 months ago
    Now you can speed up any video in your browser
    4 months ago
    How to restore access to a file after EFS or view it on another computer?
    4 months ago
    18 Proven Tips to Speed Up Your WordPress Site and Improve SEO | 2023 Guide
    5 months ago
  • How To
    How ToShow More
    What is two-factor authentication | Kaspersky official blog
    3 days ago
    Acer refreshes Windows 11 PCs for work and play: Swift Edge 16 and Predator Triton 16
    5 days ago
    NVIDIA GeForce RTX 4080 New Mercury Editions of Razer Blade 16 and Blade 18 now available
    5 days ago
    How Oxy uses hooks for maximum extensibility
    How Oxy uses hooks for maximum extensibility
    6 days ago
    The personal threat landscape: securing yourself smartly
    6 days ago
  • News
    News
    This category of resources includes the latest technology news and updates, covering a wide range of topics and innovations in the tech industry. From new…
    Show More
    Top News
    What to do if Google mail services are blocked?
    8 months ago
    How to Create a Digital Avatar on Instagram
    8 months ago
    Google search from another region
    8 months ago
    Latest News
    How to create virtual drive (VHD, VHDX, Dev Drive) on Windows 11
    3 days ago
    How to enable Taskbar End Task option to close apps on Windows 11
    3 days ago
    How to check USB4 devices specs from Settings on Windows 11
    3 days ago
    How to enable new header UI for File Explorer on Windows 11
    1 week ago
  • Glossary
  • My Bookmarks
Reading: Svpeng.q Trojan infects Android devices from Google AdSense
Share
Notification Show More
Aa
Aa
10alert.com10alert.com
  • Threats
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
  • Threats
    • WordPress ThreatsDanger
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
Follow US
ThreatsWordpress Threats

Svpeng.q Trojan infects Android devices from Google AdSense

Vitus White
Last updated: 13 October
Vitus White 4 years ago
Share
5 Min Read

If you don’t go to suspicious sites, malware can’t get you — right? Well, no. Unfortunately, even those who do not open unreliable e-mail attachments, avoid porn sites, and do not install apps from unofficial stores are not well-enough protected.

New developments suggest that malware can be found even on an absolutely legitimate site, as 318,000 thousand Android users found out when their Android devices were attacked by the Svpeng.q banking Trojan from Google AdSense advertisements.

Google AdSense is the biggest ad network in the world, so a lot of criminals dream about finding a way to use the network to spread their malicious programs worldwide. The creators of Svpeng.q managed to do it.

Banners posted by criminals launched automatic downloads of the Svpeng.q installation package with the help of a obfuscated script. Usually, Chrome browser warns users when a potentially dangerous file is downloaded, so the criminals used a special function to make device download the Trojan in parts, so it managed to slip unnoticed.

The script was set up to act only when it was launched on devices with a touch screen and only on the Chrome browser. That’s how criminals narrowed the target audience to users of Android tablets and smartphones — because Svpeng.q Trojan was written for Android.

Disassembling a #mobile #banking #Trojan attack – https://t.co/plcDumMXlu #infosec pic.twitter.com/BCgAiGSp22

— Kaspersky Lab (@kaspersky) November 7, 2016

You can read more about Svpeng.q in the detailed report published on Securelist. Long story short, it’s not that different from other banking Trojans; its main function is to overlay interfaces of mobile banks with fake ones, copy credit card data, and send the data to criminals. They in turn use it to steal victims’ money.

We reported our findings to Google, and developers made a patch that fixed the hole in Google Chrome that let the Trojan bypass security notification.

It’s noteworthy that if you download Svpeng, you won’t get infected immediately. You need to install it, and so the Trojan does its best to deceive: For example, the installation file may have a name like Android_update_6.apk or Instagram.apk, among others. This tactic seems to work well for cybercriminals.

#Malvertising is an ambiguous term referring to malicious online ads, fraudulent & legal alike. Learn more! http://t.co/atD0f6ygtJ

— Kaspersky Lab (@kaspersky) September 5, 2014

How to protect yourself from Trojans hiding in ads

Even legitimate sites can unwittingly put you at risk. To protect yourself, follow these guidelines:

1. Never open files if you are not sure how they got to your device. Just because a file is called android_update.apk doesn’t mean that it contains a system update. You can find out if the system has a legitimate update by checking Device Information under Settings.

2. Don’t allow the installation of apps from third-party stores. Every Android gadget includes this setting. That way, even if you mistakenly approve installation of such a pseudo-update, the system will stop it.

3. Install real updates as they become available. In addition, update Google Chrome on all of your Android devices as soon as it’s possible. Updating is quick, and it could save you time, hassle, and even money.

4. Use antivirus protection on all devices. In cases like this one, a real-time security solution can protect the user — unlike an on-demand antivirus scanner, which must be launched manually. Svpeng knows how to “kill” the processes of popular security solutions, so the scanners just won’t launch. On the contrary, the paid version of Kaspersky Antivirus & Security for Android detects Svpeng as Trojan.Banker.Androidos.Svpeng.Q — and blocks it easily.


Source: kaspersky.com

Translate this article

TAGGED: Chrome, Malware, PoC, Security, Threats, Trojan
Vitus White October 13, 2022 September 30, 2019
Share this Article
Facebook Twitter Reddit Telegram Email Copy Link Print

STAY CONECTED

24.8k Followers Like
253.9k Followers Follow
33.7k Subscribers Subscribe
124.8k Members Follow

LAST 10 ALERT

Safeguards against firmware signed with stolen MSI keys
Threats 2 days ago
WPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress Plugin
WPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress Plugin
Wordpress Threats 2 days ago
How to create virtual drive (VHD, VHDX, Dev Drive) on Windows 11
News 3 days ago
How to enable Taskbar End Task option to close apps on Windows 11
News 3 days ago
How to check USB4 devices specs from Settings on Windows 11
News 3 days ago

Recent Posts

  • Safeguards against firmware signed with stolen MSI keys
  • WPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress Plugin
  • How to create virtual drive (VHD, VHDX, Dev Drive) on Windows 11
  • How to enable Taskbar End Task option to close apps on Windows 11
  • How to check USB4 devices specs from Settings on Windows 11

You Might Also Like

Threats

Safeguards against firmware signed with stolen MSI keys

2 days ago
WPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress Plugin
Wordpress Threats

WPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress Plugin

2 days ago
News

How to create virtual drive (VHD, VHDX, Dev Drive) on Windows 11

3 days ago
How To

What is two-factor authentication | Kaspersky official blog

3 days ago
Show More

Related stories

How to Use Cloudflare to Secure Your WordPress Site
How To Starting Chrome from the command line
How to fix error 0x80070057 in Chrome?
Windows 10 How To Disable Slide to Shutdown
Windows search not working (FIX)
How to watch movies and TV series for free on Kinopoisk?
Previous Next

10 New Stories

What is two-factor authentication | Kaspersky official blog
Acer refreshes Windows 11 PCs for work and play: Swift Edge 16 and Predator Triton 16
NVIDIA GeForce RTX 4080 New Mercury Editions of Razer Blade 16 and Blade 18 now available
How Oxy uses hooks for maximum extensibility
The personal threat landscape: securing yourself smartly
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 15, 2023 to May 21, 2023)
Previous Next
Hot News
Safeguards against firmware signed with stolen MSI keys
WPDeveloper Addresses Privilege Escalation Vulnerability in ReviewX WordPress Plugin
How to create virtual drive (VHD, VHDX, Dev Drive) on Windows 11
How to enable Taskbar End Task option to close apps on Windows 11
How to check USB4 devices specs from Settings on Windows 11
10alert.com10alert.com
Follow US

© 10 Alert Network. All Rights Reserved.

  • Privacy Policy
  • Contact
  • Customize Interests
  • My Bookmarks
  • Glossary
Go to mobile version
adbanner
AdBlock Detected
Our site is an advertising supported site. Please whitelist to support our site.
Okay, I'll Whitelist
Welcome Back!

Sign in to your account

Lost your password?