Android virus infects over 300,000 devices in two months

Posted by Alicia Brown
Dec 7, 2016

Security researchers have identified an Android-based banking Trojan that exploits a vulnerability in the Chrome browser. The virus, dubbed Svpeng, allows hackers to inconspicuously upload infected applications onto unsuspecting victims’ devices, without the need for the owner’s permission or input. According to the report, the malware began circulating when hackers placed an infected ad on Google AdSense.

Researchers have found that in the last two months, the virus infected more than 300,000 devices. At one point, the situation got so out of control that the number of targeted devices peaked at 37,000 in a single day. The vulnerability was first identified in August this year, when hackers were able to use Svpeng to steal not only bank card data but also personal data like contacts and call history. Worse yet, the virus even allowed the unauthorized infiltrators to send, read, delete and intercept text messages on a hacked device.

It’s not as if Google has not been notified of the virus. Nikita Buchla and Anton Kivva, researchers at Kaspersky Lab, the lab that discovered Svpeng, have confirmed that the company was informed about the vulnerability, following which Google issued a patch to fix it in Google Chrome. According to them, the patch will go into effect when Google rolls out the next Chrome update.

According to Buchla and Kivva, Google promptly blocked the ads on Google AdSense that were used to push the virus. Of course, critics are quick to note that this is a reactive, rather than a proactive, approach. By the time a patch was developed, Svpeng had already affected hundreds of thousands of Android devices. Also worth noting is that although Google tried to remove the affected ads from AdSense, they have been identified on the platform as recently as October.

Investigations have revealed that the malware tricked users into installing it by disguising itself as a critical browser update or an app update. Once installed, it disappears from the list of installed applications and then prompts the victim to grant it administrative rights. It has also been noted that the malware doesn’t work on other browsers, where users are asked whether they want to save the file or not (which makes the user suspicious). This further highlights how other browsers have already taken steps to prevent a situation like this from occurring.

Another thing observed about the virus was that it targeted only smartphones with a Russian-language interface. Of course, this does not mean that it wouldn’t spread to other languages and regions as well. One can never be too sure about these things.

If you’re switching to a new device and transferring content using a content transfer app, be sure to have the latest version of the Chrome browser. Even if you don’t have a new device, Android users should install the Chrome update as soon as it is rolled out.
