"Since mid-July, Svpeng has been detected in Android devices by about 318,000 users, with infection rates reaching 37,000 victims with the intent of being in a day. The attacker discovered the map information to steal banking and personal data, hackers are using a bug in Chrome for Android. Kaspersky Lab said in a statement that the bug was corrected by Google.
The first known case of an attack of Svpeng android trojan with Chrome Android Bug came in mid-July in a news magazine in Russian, said the antivirus manufacturer, adding that the Trojan virus downloaded itself silentently when an Android user visted a website.
The infecction started from an infected ad placed in Google AdSense. The ad appears "normal" on uninfected phones, the Trojan will only download when the user accesses the page through the Chrome browser on an Android device.
"Svpeng disguised himself as a major upgrade to the browser or the popular application to convince the user to approve the installation.When the malware launches itself, it disappears from the list of installed applications, and asks the user for admin rights. When the malware gains admin rights it becomes more difficult to detect. Kaspersky, adding that the attacker had found a way to avoid some of Google's most important security features for Google Chrome.
Under normal circumstances, when an APK file is downloaded from a mobile device through an external link, the browser displays a warning that a potentially dangerous object is being downloaded. In this case, fraudsters found a vulnerability that allows APK files to be downloaded without notification to users. After detecting the error, Kaspersky Lab reports the problem immediately to Google.
The patch will be released in the next update of Google Chrome for Android, according to the company.
"The Svpeng case reaffirms the importance of collaboration between entreprises.Nous a common goal to protect users from cyber attacks, and it is important that we work together to achieve this objective and thank Google for its quick response. "We also encourage users to avoid downloading applications from untrustworthy sources and be cautious when it comes to what permissions they are asked to give and why," said Nikita Buchka, a malware analyst at Kaspersky Lab.
The Trojan Svpeng Mobile Banking malware is designed to steal credit card information. It also captures call histories, text and multimedia messages, browser bookmarks, and contacts. Svpeng is mainly attacks the Russian-speaking countries, but it has the potential to spread worldwide. Because of the specific nature of the distribution of malware, millions of web sites around the world are in danger as many of them are using AdSense ads network.
