Targeting Android devices to automatically download malware via Google AdSense advertisement rampant

ByJonathan Chen

Google's ad serving platform "Google AdSense"It is clear that the surprising method of spreading malware and doing bank fraud exists.

Google stops AdSense attack that forced banking trojan on Android phones | Ars Technica
http://arstechnica.com/security/2016/11/google-stops-adsense-attack-that-forced-banking-trojan-on-android-phones/


Malicious Google AdSense ads andZero Day AttackUsing the combination of, it became clear that there is malware that infects the terminal via Android 's Chrome browser and finally works bank fraud. The file name of this malware is "Banker.AndroidOS.Svpeng" and it is spread over the Internet via Google AdSense advertisement for over 2 months. It seems that this malicious ad spotted a vulnerability of Android and automatically downloaded the malware file to the terminal.

Develop security related softwareAccording to Kaspersky, "318 thousand Android devices are infected with this malware." However, malware files are not automatically installed on the terminal. The malware fileAPKIt is downloaded as a file, but it disguises as the latest browser update etc. so that the user installs it manually.


Kaspersky already has reported this malware to Google and Google has taken action to stop malicious ads from being delivered via Google AdSense. Kaspersky researchers Nikita Buckra and Anton Kiva said, "So far, malware-based fraud has been targeted only to Russian smartphone users, but attacks via AdSense are not targeted by other In fact, I have seen such cases in the past.When I thought about letting thousands of thousands of mobile terminals download malicious malware, I decided to use the most famous ad delivery platform There is no more effective way than using it, "points out the influence of malware spamming methods via Google AdSense.

In addition, Google spokesperson reveals that it fixed vulnerability which automatically downloads files with Chrome version 54. Furthermore, the spokesperson claims that the OS displays a warning when trying to install a malicious application by Android's security function. However, there was no explanation as to why malicious ads passed the Google AdSense security check.

In the first week of November 2016 malware was scattered by a similar wayclearIt is becoming. It is the security company that found thisCylanceHe said that a malware advertisement targeting macOS was released via Google AdWords. According to Kaspersky researchers, it seems that Google stopped delivering these advertisements very quickly, "Since this is a reactive approach rather than a proactive approach, malicious ads are blocked However, malware has already slipped into thousands of terminals. "

In order not to be infected by such malware, Kaspersky notes that it installs only applications that are distributed on Google Play, Google official app store, and Kaspersky urges attention. In addition, it is said that "becoming more skeptical" will also prevent malware from infecting against Web pages that recommend installing applications.