
Malicious Android Ads leading to drive-by downloads

Malvertising is a growing problem, especially given the rise in SSL sites that serve malicious ads. The Zscaler ThreatLabZ team identified an Android app that was downloading itself from advertisements posted on forums. The app uses the insidious mask of a “security update” to get a user to complete the installation. Once installed, the app immediately asks for Admin rights, and it becomes impossible to remove it from the device. We also noticed that the app connects with its C&C server to fetch the various parameters it needs to operate. We found that the traffic is encrypted with the AES algorithm, and that the key and IV are hardcoded inside the code.

