
Android Chrome exploit allows Svpeng trojan to bypass security measure

The mobile banking trojan Svpeng continues to infect Android devices through malvertising operations delivered via the Google AdSense network. But at least experts at Ethical Hackers Club now understand how the malicious APK has been able to automatically download itself while bypassing Google Chrome browser permissions.
According to Ethical Hackers Club, Google has developed a patch in response, but it will not take effect until the next official browser update.
Usually, a suspicious mobile program would trigger a Chrome alert screen that asks the user for permission to download the software. However, Svpeng's authors programmed the JavaScript malware to download in small, encrypted blocks of 1024 bytes, delivered piecemeal to the device.

The individual blocks are able to bypass Google Chrome's security measures; consequently, the device owner never gets a notification. Once all of the blocks have been reassembled, Svpeng is saved to the device's SD card. This technique does not work on other browsers.
The malware is downloaded automatically in the first place because the malicious code within the ad message emulates a click on the ad, as if the user had clicked it.


“When this process was used, Chrome's download manager did not perform a check on the file type of saved content,” explained Supriya Patil, Ethical Hackers Club's malware analyst.
According to a Google spokesperson, the fix is "currently being tested in Chrome 54 and will be live 100 percent in Chrome 55." Additionally, the spokesperson noted that Google's Verify Apps tool, when enabled, provides warnings for Svpeng downloads, even if Chrome doesn't. And while the company doesn't have precise numbers, "the installs are much lower as reported by Ethical Hackers Club."
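
The missing file-type check described above, sketched as an added example (not Chrome's code and not from the original article): the content is classified from its joined bytes at save time, so delivery in 1024-byte blocks does not change the verdict. The function names and the sample archive are assumptions constructed for illustration, and the encryption of the blocks is not modelled.

```javascript
// Added example, not Chrome's code: classify saved content from its bytes once
// all blocks are joined, rather than from how the blocks were delivered.
const EOCD_SIG = 0x06054b50, CDH_SIG = 0x02014b50, LFH_SIG = 0x04034b50;

// Entry names from the ZIP central directory; [] when the bytes are not a ZIP.
function zipEntryNames(buf) {
  const stop = Math.max(0, buf.length - 22 - 0xffff); // EOCD + max comment
  for (let e = buf.length - 22; e >= stop; e--) {
    if (buf.readUInt32LE(e) !== EOCD_SIG) continue;
    const names = [], count = buf.readUInt16LE(e + 10);
    let off = buf.readUInt32LE(e + 16); // start of central directory
    for (let i = 0; i < count && off + 46 <= buf.length; i++) {
      if (buf.readUInt32LE(off) !== CDH_SIG) break;
      const nameLen = buf.readUInt16LE(off + 28);
      names.push(buf.toString('latin1', off + 46, off + 46 + nameLen));
      off += 46 + nameLen + buf.readUInt16LE(off + 30) + buf.readUInt16LE(off + 32);
    }
    return names;
  }
  return [];
}

// 'apk' if the joined blocks form a ZIP carrying a manifest and DEX code.
function classifySavedContent(blocks) {
  const names = zipEntryNames(Buffer.concat(blocks));
  if (names.length === 0) return 'unknown';
  const apk = names.includes('AndroidManifest.xml') &&
    names.some((n) => /^classes\d*\.dex$/.test(n));
  return apk ? 'apk' : 'zip';
}

// Constructed sample: minimal ZIP of empty entries, cut into 1024-byte blocks.
function sampleBlocks(names, size = 1024) {
  const locals = [], central = [];
  let off = 0;
  for (const name of names) {
    const n = Buffer.from(name, 'latin1');
    const lfh = Buffer.alloc(30), cdh = Buffer.alloc(46);
    lfh.writeUInt32LE(LFH_SIG, 0); lfh.writeUInt16LE(n.length, 26);
    cdh.writeUInt32LE(CDH_SIG, 0); cdh.writeUInt16LE(n.length, 28); cdh.writeUInt32LE(off, 42);
    locals.push(lfh, n); central.push(cdh, n); off += 30 + n.length;
  }
  const cd = Buffer.concat(central), eocd = Buffer.alloc(22);
  eocd.writeUInt32LE(EOCD_SIG, 0); eocd.writeUInt16LE(names.length, 10);
  eocd.writeUInt32LE(cd.length, 12); eocd.writeUInt32LE(off, 16);
  const zip = Buffer.concat([...locals, cd, eocd]), blocks = [];
  for (let i = 0; i < zip.length; i += size) blocks.push(zip.subarray(i, i + size));
  return blocks;
}
```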

Meanwhile, Google has taken steps to block the ads used to spread the Trojan, noted Ethical Hackers Club. However, the group has observed multiple spikes in Svpeng activity of late, detecting infections in 320,000 users over a three-month period commencing in August. Attacks rose at the beginning of October, peaking at roughly 39,000 in a single day. The malicious ads “can be shown to a huge amount of users in a short span of time,” said Supriya.


Svpeng is designed to steal bank card information via phishing windows; intercept, delete and send text messages; and obtain user phone data. Currently, the malware only affects devices with a Russian-language interface. “However, next time [the culprits] push their ‘adverts’ on AdSense they may well choose to attack users in other countries.”
