Svpeng Android Malware Found Slithering Through Google AdSense Network

Whenever I give advice on keeping Windows secure from the many threats on the web, I preface things by saying that even the safest computing habits aren't enough these days. Simply visiting a compromised website can get your system infected, but it's not just Windows users that are at risk. Researchers at security outfit Kaspersky Lab discovered a banking Trojan that's compromising Android users by way of Google's AdSense program.

There are plenty of websites out there that use Google's AdSense advertising network, including news sites.

"By simply viewing their favorite news sites over their morning coffee users can end up downloading last-browser-update.apk, a banking Trojan detected by Kaspersky Lab solutions as Trojan-Banker.AndroidOS.Svpeng.q. There you are, minding your own business, reading the news and BOOM! – no additional clicks or following links required. And be careful – it’s still out there!," the researchers warn.


The Svpeng Trojan is especially devious because it's downloaded as soon a page with the infected advertisement is loaded on a mobile device. It hides itself after installing and launching—there's no trace of it in the list of installed apps on your phone. The Trojan also gains access to admin rights, which makes it more difficult for antivirus software to remove.

Svpeng is designed to steal bank card information. One of the ways it does that is by creating phishing windows to trick users into entering their login information, which it then intercepts and presumably transmits to the Trojan's author.

The Trojan also combs through a user's phone to collect various information, things such as the user's call history, text and multimedia messages, browser bookmarks, and contacts. So basically it spies on people with infected handsets and tries to steal their banking information.

This is a black eye for Google. It has to do a better job at protecting its AdSense network from outbreaks like this, especially since so much of the web's free content is dependent on advertising revenue. At least in this case Svpeng appears to only be targeting users in Russia, but even so, this reflects badly on the Mountain View outfit.