Scammers Used Google AdSense to Drop Malware on Android Devices
Google AdSense targeted by Malware mimicking as Login Pages of Popular Websites and Apps

Keystroke logging malware has become the most dangerous threat for security firms and users alike. It is a malware that has the ability to sneak into a system and steal usernames and passwords. Previously this threat was limited to laptops and PCs but now this malware has spread to mobile devices as well.

This malware is designed in a way that it impersonates login pages of popular applications and websites so that users enter their user names and passwords comfortably. Once this is done, the malware further entices the users to enter other critically important (and useful for hackers) information including social media account credentials, banking credentials and other such private data. Needless to assume, the information is received automatically by attackers.

Must Read: Alert Users: MSN Main Page Dropping Malware on User PCs

Now, the news is that this particular malware has eyes on Google AdSense network. This was confirmed by Kaspersky Lab, a renowned security firm. According to the firm’s analysis, the malware gets downloaded when certain Russian websites are visited by users. The malware is so advanced that it doesn’t even need users to click on the infected ads but instead, it asks for admin rights and attempts to steal user credentials via showing fake login pages. It also intercepts and deletes text messages. The malware is particularly effective on Android devices.

google-adsense-used-in-malware-phishing-scam-against-android-users-2
Screenshot shows infected ads visible on RT’s website

Kaspersky researchers believe that this malware is an “a gratuitous act of violence against Android users.”

Furthermore, the security firm stated that the reason why this malware is succeeding in deceiving users is that it shows them login pages of their favorite websites or apps. “By simply viewing their favorite news sites over their morning coffee users can end up downloading last-browser-update.apk, a banking Trojan,” stated Kaspersky researchers.

In an email, Google’s representative explained that the issue has already been resolved and that there isn’t any indication that more than one websites were affected by this malware.

Must Read: Scammers hack BBC, MSN, NYT sites to serve malicious ads

To remain safe from such phishing attacks and remove malware, you need to keep your operating system updated all the time and delete unused apps. The reason is that older content whether an OS or an App could harvest bugs and viruses. It also becomes vulnerable to attacks from these kinds of malware. Never accept invitations of new app installation from third-party forums or unauthentic app stores. Unless it is available on iTunes or Google Play store, do not pay any attention to the app.

Owais Sultan

Owais takes care of Hackread’s social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.