On August 15th, malware researchers from Kaspersky have spotted a new hacking campaign that abused Google AdSense to deliver a malware on Android devices. According to Security Affairs, the malware is delivered on the victim’s mobile device when they visit certain Russian websites, even without user’s interaction. The malicious code asks for admin rights and attempts to steal user credentials via displaying bogus login pages. The malware is able to perform other malicious operations, such as intercepting and deleting text messages.
“By simply viewing their favorite news sites… users can end up downloading last-browser-update.apk, a banking Trojan detected by Kaspersky Lab solutions as Trojan-Banker.AndroidOS.Svpeng.q.” reads a blog post published by Kaspersky. Google has promptly fixed the problem.