Two Malware Analysts from Kaspersky Labs announced today on securelist.com that they had found another Trojan coming from the Google AdSense network targeting Android users, searching in particular for banking information.
The malicious code has been given the cryptic label of Trojan-Banker.AndroidOS.Svpeng.q, and is but one of several versions of the Svpeng trojan previously reported on by Kaspersky. This latest edition has fooled several large sites, including the AdSense network, and appears to be downloading an APK file called last-browser-update.apk on some Android systems.
The two analysts, Nikita Buchka, and Mikhail Kuzin warns Android users to be careful, since the malware is still floating around on the net, and even if it gets removed from the AdSense display network, other ad serving sites and networks might still carry the code.
The code is said to be sophisticated enough to circumvent security measures, by completing their verification process for them, and by taking control of the victims Texting and Phone capabilities, they can intercept and manipulate with 2 factor authentication and other security measures using these functionalities.
Trojan-Banker once installed, removes itself from the list of installed applications so that victims can’t easily remove them, and makes the removal even harder by attempting to give itself admin rights and thus hinder any access. The analysts go further and list some of the information that the Trojan collects from its victims, and that includes contact persons, call history, text history, bookmarks and more.
Currently it is thought that only Android users with their security settings altered for allowing downloads from unverified sources are vulnerable, so unless you have been fiddling with firmware or custom Pokémon Go APK’s, you should be alright.
The Daily News Grabber is currently in contact with security consultants for advice on how to remove this or any similar Trojan.