[FSec] Post-PC Attack Site: Only Interested in Smartphones/Tablets

Nachrichtenbote
We've discovered a server that only attacks and/or spams smartphones and tablets — and not PCs.

A Sweden-based colleague of ours, Johan, was recently using his (Android) phone to search for boat trips in the Galapagos Islands. He found a site called Vagabond, and on Vagabond he found an entry with a link to galacruises.com.

From a Windows-based browser, the link redirects to a site called islasgalapagos.travel.

But the results are much different if a mobile device is used…

mobile_preferences_01.png
mobile_preferences_02.png


Mobile browsers are redirected to a .info domain which in turn redirects yet again.

Sometimes it redirects to a popular game on Google Play:

mobile_preferences_03.png


But much of the time, it's NSFW sites (here seen from a Windows Phone):

mobile_preferences_04.png


And sometimes… malware! (As was the case for Johan.)

mobile_preferences_05.png
mobile_preferences_06.png


Here you can see that the malicious .APK file was blocked by one of our "online" detections.

mobile_preferences_07.png
mobile_preferences_08.png


Specific "disk" detection identifies the threat as a variant of FakeInstaller: Trojan:Android/FakeInst.AV.

Our Mobile Security Safe Browser blocks the offending website:

mobile_preferences_09.png


Note: visiting the .info site without the attack's parameter will result in a redirection to google.com.

A site with an index page that redirects to google.com? Always a clue something's afoot.

Be Safe Out There.
On 19/06/13 At 12:50 PM
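The two clues described in the post (a link that redirects desktop and mobile browsers to different hosts, and a bare index page that redirects to google.com while the parameterised URL goes elsewhere) can be checked for in crawl or proxy data. The following is an added example, not code from the original post; the record layout, the `.example` hostnames and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed crawl records: (user-agent class, requested URL, Location header).
# Hosts under .example are placeholders, not the domains named in the post.
RECORDS = [
    ("desktop", "http://listing.example/out?id=7", "http://travel.example/"),
    ("android", "http://listing.example/out?id=7", "http://hop.example/go?k=abc"),
    ("winphone", "http://listing.example/out?id=7", "http://hop.example/go?k=abc"),
    ("android", "http://hop.example/go?k=abc", "http://apk-host.example/app.apk"),
    ("android", "http://hop.example/", "http://www.google.com/"),
    ("desktop", "http://static.example/a", "http://static.example/b"),
    ("android", "http://static.example/a", "http://static.example/b"),
]
MOBILE = {"android", "winphone", "ios"}
DECOY_HOSTS = {"www.google.com", "google.com"}  # assumption: benign decoy targets


def host(url):
    """Lower-cased hostname of a URL, or an empty string if it has none."""
    return (urlsplit(url).hostname or "").lower()


def find_device_split(records):
    """URLs whose redirect target hosts differ between desktop and mobile."""
    seen = {}
    for ua, url, loc in records:
        kind = "mobile" if ua in MOBILE else "desktop"
        seen.setdefault(url, {}).setdefault(kind, set()).add(host(loc))
    return sorted(
        url for url, k in seen.items()
        if k.get("desktop") and k.get("mobile")
        and k["desktop"].isdisjoint(k["mobile"])
    )


def find_decoy_index(records):
    """Hosts whose bare index goes to a decoy but whose query URLs go elsewhere."""
    decoy, live = set(), set()
    for _, url, loc in records:
        parts = urlsplit(url)
        if not parts.query and parts.path in ("", "/") and host(loc) in DECOY_HOSTS:
            decoy.add(host(url))
        elif parts.query and host(loc) not in DECOY_HOSTS and host(loc) != host(url):
            live.add(host(url))
    return sorted(decoy & live)


if __name__ == "__main__":
    print("device-dependent redirects:", find_device_split(RECORDS))
    print("decoy index pages:", find_decoy_index(RECORDS))
```

A URL seen from only one device class is not reported by `find_device_split`, so the crawler has to fetch each link with both a desktop and a mobile User-Agent for the comparison to work.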
