Fri, Mar 24, 2017 | updated 05:30 PM IST

Mobile banker hits 318,000 android users via vulnerability in a popular browser

Updated: Nov 08, 2016 18:02 IST

New Delhi [India], Nov 8 (ANI): Kaspersky Lab experts recently discovered a modification of the mobile banking Trojan, Svpeng hiding in Google's advertising network AdSense.

Since mid-July, Svpeng has been detected on the Android devices of around318,000 users, with the rate of infection peaking at 37,000 victims in a day.

The attackers, intent on stealing bank card information and personal data such as contacts and call history, were exploiting a bug in Google Chrome for Android.

Now that Google has fixed the bug, Kaspersky Lab experts can reveal the full details of the attack.

The first known case of a Svpeng attack using the bug in Chrome for Android occurred in mid-July on an online Russian news outlet. During the attack, the Trojan silently downloaded itself onto the Android devices of the website's visitors.

In un-ravelling the attack process, Kaspersky Lab researchers found that the campaign started with an infected advert being placed on Google AdSense.

The advert displayed normally on uninfected web pages, with the Trojan only downloading when the user accessed the page via the Chrome browser on an Android device.

Svpeng disguised itself as an important browser update or popular application, to convince the user to approve the installation. Once the malware was launched it disappeared from the list of installed apps and asked the user to give it device admin rights.

It appeared that the attackers had found a way to bypass some key security features of Google Chrome for Android. Normally, when an APK file is downloaded on a mobile device via an external web link, the browser displays a warning that a potentially dangerous object is being downloaded. In this case, fraudsters found a security flaw that allowed APK files to be downloaded without notifying users.

On discovering the bug, Kaspersky Lab immediately reported the issue to Google. The patch will be issued in the nearest Google Chrome for Android update.

"The Svpeng case confirms, yet again, the importance of cooperation between companies. We share a common goal to protect users from cyber-attack, and it is vital that we work together to achieve this. We are happy to help make the Android ecosystem safer, and would like to thank Google for its prompt response to our report," said Malware analyst at Kaspersky Lab, Nikita Buchka.

"We also urge users to avoid downloading applications from un-trusted sources and to be cautious when it comes to what permissions they are asked to give and why," said Nikita Buchka, Malware analyst at Kaspersky Lab," added Buchka.

Kaspersky Lab advises customers to upgrade the Chrome for Android browser to the latest version, install an effective security solution and to be aware of the tools and techniques used by malware authors to trick them into installing malicious software and agreeing to far-reaching device rights.

The Svpeng mobile banking Trojan is designed to steal bank card information. It also collects call history, text and multimedia messages, browser bookmarks and contacts. Svpeng mainly attacks Russian-speaking countries, however it has the potential to spread globally. Due to the specific nature of the malware distribution, millions of web-pages globally are at risk, with many of them using AdSense to display adverts. (ANI)

New Delhi [India], Mar. 23 (ANI): Yaantra, a start-up that offers doorstep repair services and sells refurbished and pre owned smart-phones with warranty has now launched its first ever branded retail store in the city.

Full Story >>

New Delhi [India], Mar 24 (ANI): DataWind on Friday announced expansion in its product portfolio with the introduction of the largest smartphone in its lineup, the new MoreGMax 3G6 smartphone, with a six-inch screen priced at Rs. 5999 (approximately USD 90 USD).

Full Story >>

New Delhi [India], Mar 24 (ANI): Imagine losing all the photos, videos, messages, and documents you've stored on your computer. How much money would you be willing to pay to get it all back? Ransomware is malware that infects your computer, locks it, and demands payment for unlocking it. And the number of new ransomware has been at least doubling each year since 2013.

Full Story >>

New Delhi [India], Mar 23 (ANI): Nokia on Thursday announced the completion of the first pre-standard testing of 600MHz on commercially-available hardware, creating a test bed for terminal ecosystem development and availability.

Full Story >>

New Delhi [India], Mar. 23 (ANI): In keeping with Prime Minister Narendra Modi's vision of a 'New India', Google India and the Ministry of Electronics and Information Technology (MEITY) announced a set of initiatives aimed at empowering citizens and creating abundant opportunities for all.

Full Story >>

New Delhi [India], Mar 23 (ANI): World leader in digital security Gemalto on Thursday announced that Microsoft Azure Information Protection customers can now take advantage of the new "Hold Your Own Key" (HYOK) functionality using Gemalto's SafeNet Luna Hardware Security Modules (HSMs).

Full Story >>

New Delhi [India], Mar 23 (ANI): IBM on Thursday announced a strategic partnership to offer 'RetailSmart', an end-to-end fully integrated solution that will enable local 'Kirana' (unorganized) stores to become ecommerce ready.

Full Story >>

New Delhi [India], Mar 23 (ANI): "Where are you now?" and "What's your ETA?" Whether you're heading to a party or meeting up for dinner, you probably hear questions like this pretty often from family and friends. Soon Google Maps users worldwide will be able to answer those questions in just a few taps, without ever leaving the app.

Full Story >>

Build your brand through Snapchat!

Updated: Mar 23, 2017 12:38 IST

New Delhi [India], Mar. 23 (ANI): Oh Snap! Aren't you on Snapchat yet?

Full Story >>

New Delhi [India], Mar 22 (ANI): In the dynamic economic environment in India, businesses should focus on not just providing a good value for money product, but an equally excellent customer service experience to attract and retain customers. According to the findings of the American Express® 2017 Global Customer Service Barometer released today, 84 percent Indian consumers say the quality of customer service is very important when they're deciding to become or remain a customer.

Full Story >>

New Delhi [India], Mar.22 (ANI): Starting an online business is by no means an easy undertaking.

Full Story >>

New Delhi [India], Mar. 21 (ANI): Industry's broadest and most integrated public cloud Oracle has announced that an increasing number of global enterprises, SMBs, and ISVs are choosing the Oracle Cloud Platform to speed innovation, simplify IT, reduce costs, and deliver stellar customer experiences to easily develop, test, and deploy high-performance applications in the cloud.

Full Story >>

New Delhi [India], Mar. 21 (ANI): IBM and Red Hat, Inc. On Tuesday announced a strategic collaboration designed to help enterprises benefit from the OpenStack platform's speed and economics while more easily extending their existing Red Hat virtualized and cloud workloads to the IBM Private Cloud.

Full Story >>

New Delhi/ Bengaluru [India], Mar. 21 (ANI) LeEco has announced its exclusive partnership with Amazon, for its newly launched globally acclaimed, next generation ecotvs in India. To kick-start the partnership and incentivize consumers, several great offers have been extended which are proving to be a big hit.

Full Story >>

New Delhi [India], Mar. 21 (ANI): More than 99 percent of all malware designed for mobile devices targets Android devices, explained Olaf Pursche, Head of Communications at AV-TEST, in the F-Secure State of Cyber Security 2017.

Full Story >>

NEC joins FIWARE Foundation as platinum member

Updated: Mar 21, 2017 12:01 IST

Tokyo [Japan], Mar. 21 (ANI): NEC Corporation (NEC; TSE: 6701) has announced that it has joined the FIWARE Foundation e.V., a non-profit organization promoting the dissemination of FIWARE technology (*1), as a platinum member. NEC is the first and only Japanese company to join the foundation.

Full Story >>

Dusseldorf /Tokyo [Japan], Mar. 21 (ANI): NEC Corporation (NEC; TSE: 6701) has announced that NEC Deutschland GmbH has delivered a supercomputer utilizing NEC's scale-out LX series compute servers featuring the new Intel® Xeon® E5-2600 v4 product family, to RWTH Aachen University, one of 11 "Universities of Excellence" in Germany, offering high performance computing services for engineering and scientific research.

Full Story >>

New Delhi [India], Mar 20 (ANI): HTC Corporation, a leading innovator in mobile and virtual reality technology has announced the launch of HTC Sense Companion on its recently launched flagship smartphones HTC U Ultra and HTC U Play.

Full Story >>

New Delhi [India], Mar. 20 (ANI): The advent of smartphones within the country has brought about a paradigm change in the lifestyles of Indian consumers. But with the rise in online transactions, mobile-based banking, and the amount of personal data stored on mobile devices, there have also emerged serious questions about the security aspect. It is to address these qualms and to make mobile usage more secure for its end-users that very few brands have integrated iris scanners in their smartphones.

Full Story >>

New Delhi [India], Mar 20 (ANI): Digital clutter is growing due to an explosion in application usage and advances in the storage capacity of devices. But poor maintenance of these apps is leaving devices vulnerable to security threats. A new report by Kaspersky Lab reveals the scale of the digital clutter problem among Internet users worldwide.

Full Story >>