Fri, Feb 24, 2017 | updated 06:33 PM IST

Mobile banker hits 318,000 android users via vulnerability in a popular browser

Updated: Nov 08, 2016 18:02 IST

New Delhi [India], Nov 8 (ANI): Kaspersky Lab experts recently discovered a modification of the mobile banking Trojan, Svpeng hiding in Google's advertising network AdSense.

Since mid-July, Svpeng has been detected on the Android devices of around318,000 users, with the rate of infection peaking at 37,000 victims in a day.

The attackers, intent on stealing bank card information and personal data such as contacts and call history, were exploiting a bug in Google Chrome for Android.

Now that Google has fixed the bug, Kaspersky Lab experts can reveal the full details of the attack.

The first known case of a Svpeng attack using the bug in Chrome for Android occurred in mid-July on an online Russian news outlet. During the attack, the Trojan silently downloaded itself onto the Android devices of the website's visitors.

In un-ravelling the attack process, Kaspersky Lab researchers found that the campaign started with an infected advert being placed on Google AdSense.

The advert displayed normally on uninfected web pages, with the Trojan only downloading when the user accessed the page via the Chrome browser on an Android device.

Svpeng disguised itself as an important browser update or popular application, to convince the user to approve the installation. Once the malware was launched it disappeared from the list of installed apps and asked the user to give it device admin rights.

It appeared that the attackers had found a way to bypass some key security features of Google Chrome for Android. Normally, when an APK file is downloaded on a mobile device via an external web link, the browser displays a warning that a potentially dangerous object is being downloaded. In this case, fraudsters found a security flaw that allowed APK files to be downloaded without notifying users.

On discovering the bug, Kaspersky Lab immediately reported the issue to Google. The patch will be issued in the nearest Google Chrome for Android update.

"The Svpeng case confirms, yet again, the importance of cooperation between companies. We share a common goal to protect users from cyber-attack, and it is vital that we work together to achieve this. We are happy to help make the Android ecosystem safer, and would like to thank Google for its prompt response to our report," said Malware analyst at Kaspersky Lab, Nikita Buchka.

"We also urge users to avoid downloading applications from un-trusted sources and to be cautious when it comes to what permissions they are asked to give and why," said Nikita Buchka, Malware analyst at Kaspersky Lab," added Buchka.

Kaspersky Lab advises customers to upgrade the Chrome for Android browser to the latest version, install an effective security solution and to be aware of the tools and techniques used by malware authors to trick them into installing malicious software and agreeing to far-reaching device rights.

The Svpeng mobile banking Trojan is designed to steal bank card information. It also collects call history, text and multimedia messages, browser bookmarks and contacts. Svpeng mainly attacks Russian-speaking countries, however it has the potential to spread globally. Due to the specific nature of the malware distribution, millions of web-pages globally are at risk, with many of them using AdSense to display adverts. (ANI)

WhatsApp's new 'status' feature goes live

Updated: Feb 24, 2017 12:25 IST

New Delhi [India], Feb. 24 (ANI): WhatsApp's on Friday rolled out its new feature 'Status' live across Android, iOS and Windows software wherein the users can upload pictures and videos for their contacts to see, instead of regular text status message.

Full Story >>

New Delhi [India], Feb 24 (ANI): World's leading information technology (IT) association CompTIA has unveiled a groundbreaking, vendor-neutral certification, CompTIA Cyber security Analyst (CSA+), the first of its kind to bring behavioral analytics to the forefront of assessing cyber threats.

Full Story >>

New Delhi [India], Feb. 24 (ANI): Verizon and Ericsson enabled an operational shift of 5G network from technology trials to pre-commercial pilots in the field in multiple cities across United States of America.

Full Story >>

Amsterdam [Netherlands]/Tokyo [Japan], Feb.23 (ANI): ISE 2017, the largest audio-visual and systems integration show, was held recently in Netherlands.

Full Story >>

New Delhi [India], Feb. 23 (ANI): Google has always made sure to celebrate every special affair around the globe.

Full Story >>

Mumbai (Maharashtra) [India], Feb. 22 (ANI): Microsoft's Chief Executive Officer (CEO) Satya Nadella on Wednesday announced the launch of a new skilling tool called 'Project Sangam' for Indian citizens.

Full Story >>

New Delhi [India], Feb 22 (ANI): According to Kaspersky Lab "Spam and phishing in 2016"report, about 20 percent of all spam emails in Q4 2016distributed ransomware Trojans. The Kaspersky Lab spam report also identified the following trends in 2016

Full Story >>

HP launches OMEN gaming portfolio in India

Updated: Feb 22, 2017 15:32 IST

New Delhi [India], Feb. 22 (ANI): HP Inc. launched the debut of its gaming portfolio in India - OMEN by HP, featuring an array of products built for gamers combining the latest in PC innovation, delivering power and performance to dominate competition.

Full Story >>

New Delhi [India], Feb. 22 (ANI): Optical fibre broadband service provider Spectranet on Wednesday announced their next phase of expansion in South India by launching its operations in Bengaluru.

Full Story >>

New Delhi, [India], Feb. 22 (ANI): ADDA GateKeeper, a security management platform for apartment complexes, launched a range of security measures to tighten security in large apartment complexes across most Tier I cities.

Full Story >>

Who controls your car without you knowing?

Updated: Feb 21, 2017 16:43 IST

New Delhi [India], Feb.21 (ANI): Kaspersky Lab researchers have examined the security of applications for the remote control of cars from several famous car manufacturers. As a result, the company's experts have discovered that all of the applications contain a number of security issues that can potentially allow criminals to cause significant damage for connected car owners.

Full Story >>

New Delhi [India], Feb 21 (ANI): World leader in digital security Gemalto is presenting the newest release of its On Demand Connectivity and eSIM technology for Windows 10 devices, in connection with Microsoft.

Full Story >>

New Delhi [India], Feb. 21 (ANI): In lieu of its eighth birthday on February 24, 2017, WhatsApp messenger, the instant messaging platform introduced a new update which is set to revamp the status feature.

Full Story >>

New Delhi [India], Feb 20 (ANI): NEC Corporation has announced that it has completed joint verification trials with NTT DOCOMO, Inc. using Massive Multiple Input Multiple Output (MIMO), a core technology for 5G base stations.

Full Story >>

New Delhi [India], Feb 19 (ANI): SyncNScan is a young company, which was set up by ex-Microsoft leaders and they were pioneers in introducing anti-virus for mobile devices.

Full Story >>

New Delhi [India], Feb. 17 (ANI): Ericsson introduced a 5G platform for the needs of the first movers in 5G. Communications are rapidly moving toward data-heavy applications like Virtual Reality and Augmented Reality everywhere.

Full Story >>

New Delhi [India], Feb. 17 (ANI): Aeris Communications' 'AerCloud' is an IoT cloud platform for collecting, managing and analysing sensor data for Internet of Things (IoT) and machine-to-machine (M2M) applications.

Full Story >>

New Delhi [India], Feb. 17 (ANI): Oracle India on Thursday announced that Oracle Management Cloud service has provided Indian companies with smarter insights and swifter action, thereby eliminating slow transactions.

Full Story >>

New Delhi [India], Feb 16 (ANI): LeEco, the internet and technology conglomerate's second generation Superphones Le2 (3+32) and Le Max2 to be a star attraction on popular e-commerce platform, Snapdeal during their Exchange Offer Days between February 16 to 18.

Full Story >>

New Delhi [India], Feb 16 (ANI): Kaspersky Lab on Thursday announced the

Full Story >>