
Svpeng.q Trojan infects Android devices from Google AdSense

Vitus White
Last updated: 13 October

If you don’t go to suspicious sites, malware can’t get you — right? Well, no. Unfortunately, even those who do not open unreliable e-mail attachments, avoid porn sites, and do not install apps from unofficial stores are not well-enough protected.

New developments show that malware can be found even on a completely legitimate site, as 318,000 Android users found out when their devices were attacked by the Svpeng.q banking Trojan delivered through Google AdSense advertisements.

Google AdSense is the biggest ad network in the world, so a lot of criminals dream about finding a way to use the network to spread their malicious programs worldwide. The creators of Svpeng.q managed to do it.

Banners posted by the criminals launched automatic downloads of the Svpeng.q installation package with the help of an obfuscated script. Usually, the Chrome browser warns users when a potentially dangerous file is downloaded, so the criminals used a special function to make the device download the Trojan in parts, which let it slip through unnoticed.

The script was set up to act only when it was launched on devices with a touch screen and only on the Chrome browser. That’s how criminals narrowed the target audience to users of Android tablets and smartphones — because Svpeng.q Trojan was written for Android.

Disassembling a #mobile #banking #Trojan attack – https://t.co/plcDumMXlu #infosec pic.twitter.com/BCgAiGSp22

— Kaspersky Lab (@kaspersky) November 7, 2016

You can read more about Svpeng.q in the detailed report published on Securelist. Long story short, it’s not that different from other banking Trojans; its main function is to overlay interfaces of mobile banks with fake ones, copy credit card data, and send the data to criminals. They in turn use it to steal victims’ money.

We reported our findings to Google, and developers made a patch that fixed the hole in Google Chrome that let the Trojan bypass the security notification.

It’s noteworthy that if you download Svpeng, you won’t get infected immediately. You need to install it, and so the Trojan does its best to deceive: For example, the installation file may have a name like Android_update_6.apk or Instagram.apk, among others. This tactic seems to work well for cybercriminals.

#Malvertising is an ambiguous term referring to malicious online ads, fraudulent & legal alike. Learn more! http://t.co/atD0f6ygtJ

— Kaspersky Lab (@kaspersky) September 5, 2014

How to protect yourself from Trojans hiding in ads

Even legitimate sites can unwittingly put you at risk. To protect yourself, follow these guidelines:

1. Never open files if you are not sure how they got to your device. Just because a file is called android_update.apk doesn’t mean that it contains a system update. You can find out if the system has a legitimate update by checking Device Information under Settings.

2. Don’t allow the installation of apps from third-party stores. Every Android gadget includes this setting. That way, even if you mistakenly approve installation of such a pseudo-update, the system will stop it.

3. Install real updates as they become available. In addition, update Google Chrome on all of your Android devices as soon as it’s possible. Updating is quick, and it could save you time, hassle, and even money.

4. Use antivirus protection on all devices. In cases like this one, a real-time security solution can protect the user — unlike an on-demand antivirus scanner, which must be launched manually. Svpeng knows how to “kill” the processes of popular security solutions, so the scanners just won’t launch. By contrast, the paid version of Kaspersky Antivirus & Security for Android detects Svpeng as Trojan.Banker.Androidos.Svpeng.Q — and blocks it easily.
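A triage sketch for the file-name point above and for guideline 1, added here as an illustration and not taken from Kaspersky's report: it identifies APKs in a downloads folder by archive content instead of by name, and tags names that imitate updates or popular apps. The lure pattern, the tag names and the sample files are assumptions constructed for the example.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# Lure pattern modelled on the names the article cites (Android_update_6.apk,
# Instagram.apk). The word list is an assumption; extend it for your own fleet.
LURE = re.compile(r"(update|instagram)", re.I)

def is_apk(path: Path) -> bool:
    """Heuristic: an APK is a ZIP that holds AndroidManifest.xml and usually classes*.dex."""
    if not zipfile.is_zipfile(path):
        return False
    with zipfile.ZipFile(path) as z:
        names = set(z.namelist())
    has_dex = any(re.fullmatch(r"classes\d*\.dex", n) for n in names)
    return "AndroidManifest.xml" in names and has_dex

def triage(folder: Path) -> dict:
    """Map each APK found in `folder` to the reasons it deserves a second look."""
    findings = {}
    for f in sorted(folder.iterdir()):
        if not f.is_file() or not is_apk(f):
            continue
        tags = ["sideloaded-apk"]  # any APK in a downloads folder came from outside the store
        if f.suffix.lower() != ".apk":
            tags.append("apk-content-under-other-extension")
        if LURE.search(f.stem):
            tags.append("lure-name")
        findings[f.name] = tags
    return findings

def build_sample(folder: Path) -> None:
    """Constructed sample files: stub archives, not real apps."""
    for name in ("Android_update_6.apk", "Instagram.apk", "holiday_photos.jpg"):
        with zipfile.ZipFile(folder / name, "w") as z:
            z.writestr("AndroidManifest.xml", b"stub")
            z.writestr("classes.dex", b"stub")
    with zipfile.ZipFile(folder / "report.zip", "w") as z:
        z.writestr("report.txt", "plain archive, not an APK")
    (folder / "notes.txt").write_text("not an archive")

def demo() -> dict:
    with tempfile.TemporaryDirectory() as d:
        build_sample(Path(d))
        return triage(Path(d))

if __name__ == "__main__":
    for name, tags in demo().items():
        print(name, tags)
```

A hit from this triage is a reason to check where the file came from, not proof of infection: the name and the container format say nothing about who built the package.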


Source: kaspersky.com


TAGGED: Chrome, Malware, PoC, Security, Threats, Trojan
Vitus White October 13, 2022 September 30, 2019