Malware That Fakes Bank Login Screens Found In Google Ads

tedlistens quotes a report from Fast Company: For years, security firms have warned of keystroke logging malware that surreptitiously steals usernames and passwords on desktop and laptop computers. In the past year, a similar threat has begun to emerge on mobile devices: So-called overlay malware that impersonates login pages from popular apps and websites as users launch the apps, enticing them to enter their credentials to banking, social networking, and other services, which are then sent on to attackers. Such malware has even found its way onto Google's AdSense network, according to a report on Monday from Kaspersky Lab. The weapon would automatically download when users visited certain Russian news sites, without requiring users to click on the malicious advertisements. It then prompts users for administrative rights, which makes it harder for antivirus software or the user to remove it, and proceeds to steal credentials through fake login screens, and by intercepting, deleting, and sending text messages. The Kaspersky researchers call it "a gratuitous act of violence against Android users." "By simply viewing their favorite news sites over their morning coffee users can end up downloading last-browser-update.apk, a banking Trojan detected by Kaspersky Lab solutions as Trojan-Banker.AndroidOS.Svpeng.q," according to the company. "There you are, minding your own business, reading the news and BOOM! -- no additional clicks or following links required." The good news is that the issue has since been resolved, according to a Google spokeswoman. Fast Company provides more details about these types of attacks and how to stay safe in its report.

Please log in to slashdot.

In order to view this post, please reply to it by logging into your slashdot account. Please enter your username and password in the reply box and press the "preview" and "submit" buttons.

And publishers complain about ad blockers

[Solandri]

It's because your ad business model is broken. How long will it take before you admit to yourselves that accepting random scripted ads from an insecure third party ad farm totally out of your control is stupid? Either vet the ads yourself (and accept responsibility if you let a malicious ad get through), or contract it out to a third party security service which does it for you.

Too hard you say? Here's a hint: If the only ads you allow are a static JPEG which clicks through to the advertising site, you've done your job. Newspapers and magazines got along just fine for over a century with static ads. Advertisers don't need scripting, and in fact they've demonstrated they're too immature to be given the power of scripts.

Ad Blocking

[duke_cheetah2003]

And once again, Ad Blocking is justified. Those darn ads can be outright dangerous, which computer people have been saying for years.

Simply put, if companies can't be bothered to vet the ads they're serving, we can't be bother viewing any ads at all. Clean it up, already.