Malware That Fakes Bank Login Screens Found In Google Ads

tedlistens quotes a report from Fast Company: For years, security firms have warned of keystroke logging malware that surreptitiously steals usernames and passwords on desktop and laptop computers. In the past year, a similar threat has begun to emerge on mobile devices: So-called overlay malware that impersonates login pages from popular apps and websites as users launch the apps, enticing them to enter their credentials to banking, social networking, and other services, which are then sent on to attackers. Such malware has even found its way onto Google's AdSense network, according to a report on Monday from Kaspersky Lab. The weapon would automatically download when users visited certain Russian news sites, without requiring users to click on the malicious advertisements. It then prompts users for administrative rights, which makes it harder for antivirus software or the user to remove it, and proceeds to steal credentials through fake login screens, and by intercepting, deleting, and sending text messages. The Kaspersky researchers call it "a gratuitous act of violence against Android users." "By simply viewing their favorite news sites over their morning coffee users can end up downloading last-browser-update.apk, a banking Trojan detected by Kaspersky Lab solutions as Trojan-Banker.AndroidOS.Svpeng.q," according to the company. "There you are, minding your own business, reading the news and BOOM! -- no additional clicks or following links required." The good news is that the issue has since been resolved, according to a Google spokeswoman. Fast Company provides more details about these types of attacks and how to stay safe in its report.

Ads have long been a risk to security

[melting_clock]

Unfortunately for sites that rely on advertising to survive, malware delivery through ads is nothing new and this forces many people to block ads as part of their online security. This is not because the sites they visit are not trustworthy. It is simply due to the fact that not every advertiser can be trusted and the companies serving ads have failed to effectively prevent malware getting on to their networks. Criminals distributing their malware through ads are able to reach legitimate web sites that they would be unable to compromise, expanding their reach to a larger audience and making it an attractive option.

Many of us would be happy to view ads to support our favourite sites but are unwilling to take the risk. Antivirus software can only protect against known threats so, when new malware is constantly being discovered, their success rate of detection can never be 100%. Antivirus software forms part of a sensible online security plan but it does not replace ad blocking or blocking third party scripts.

advertisement is evil

[Tom]

And with that, all the "good advertisers" bullshit is dead. Not just scammy and shady ad networks deliver malware. Advertisement is evil and needs to die, at least the way it is handled right now. The whole thing needs to be made illegal and restarted fresh with a clean slate and the first question should be "what do we, the users, want from advertisement?".

I like product information, for example. I'm a big fan of sites that compare products. These days, there are a thousand mobile phones, or printers, or vacation destinations, or chairs or cars or really anything, and it's not easy to find the one that's perfect for you.
There's also new and interesting stuff coming out all the time, and most of us miss most of it. Something that focusses on these aspects, on the customer desires, that would be wonderful.