The old Svpeng Trojan has been renewed and was used to infect over 318,000 Android users thanks to a vulnerability in Android’s Chrome browser. This Trojan is made to steal private information from victim’s device, such as bank card details, read and send out private messages, and carry out other illegal activities. Reports show that the mobile banking Trojan reached nearly 37,000 victims per day, which is a strikingly large number, to say at least. What is worse is that Chrome users might need to wait about three weeks until the vulnerability in Chrome for Android gets fixed. Although the gigantic company has acknowledged the problem and stopped the flow of malware-laden ads, the vulnerability in the mobile browser is still open and needs to be patched. Sadly, Android users might have to wait for this until December, when the next browser update appears. In the meantime, users should take all necessary precautions to protect their devices from this mobile Trojan.
It seems that the banking Trojan horse only attacks smart devices with the Russian-language interface, most likely those that are owned by Russian residents and those living in CIS countries. Svpeng Trojan first exploited Chrome’s flaw in mid-July via online Russian news outlet. It appears that fraudsters have injected malware-laden ads to Google AdSense, and as a result, these were displayed on legitimate and virus-free websites. These malicious ads showed up for users who accessed such sites via Chrome on Android device, saying that the device has been compromised already and that the user needs to install anti-malware tool to make the device safe again. If the user accepted the offer to install this tool, Svpeng Trojan was installed on the mobile right away. However, eventually actors behind Svpeng banking Trojan have found a way to bypass some Chrome’s security features and push the Trojan to the user without displaying any pop-ups or alerts.
It is a well-known fact that Android devices and applications that can be installed on them are quite pervious to mobile malware attacks. To protect your device from malevolent virus variants such as Svpeng, Android virus or Android ransomware, update all applications frequently and install a reliable anti-malware software compatible with your Android device.