Updated Skinner Adware Adopts Sophisticated Techniques for Precise Ads Targeting

Posted: March 10, 2017

This week, Google Security removed a dangerous application from the Google Play store that had been lurking there for victims for more than two months. The new threat is an adware app and belongs to the large family of adware found on Google Play in recent months. Dubbed "Skinner", this new malware came embedded in an application that provides gaming-related features, and by the time Skinner was discovered the app had been downloaded by over 10,000 users.

Skinner shows some new elaborate techniques that have not been observed in other pieces of adware. It can escape detection by obfuscating its malicious components, but even more interestingly, it can maximize the profits for its owners by tracking the user's location and actions and targeting users with a precision never seen before. The existence of such an elaborate adware threat proves once more that users cannot feel safe even when downloading a legitimate application from an official app store.

Skinner unpacks a malicious library embedded in its code as soon as the malware is installed on a device. Before it launches, the malware performs a series of checks to avoid detection by security analysts and anti-virus programs. It checks for a connected debugger and for emulator hardware, and then it verifies that the application carrying it was downloaded from Google Play. In addition, the malicious activity begins only when the user of the infected device opens an application or performs some other activity, which confirms that the device is operated by a real user. After launch, Skinner sends information about the device, such as running apps and location, to its Command and Control (C&C) server; in return, the C&C server sends commands telling the malware which ads to display.

One of the unique aspects of this new mobile adware's behavior is that it does not display ads at arbitrary moments, which would raise the user's suspicion. Instead, the malware displays ads according to the application currently in use. All targeted applications are divided into four categories: utility apps, browser apps, navigation apps, and caller apps. Such a "tailored" marketing strategy has until now been observed only in banker-overlay malware, and it certainly raises the success rate of Skinner, and thus also the profits for the attackers.

This strategy is also a way to minimize the risk of detection through a smaller reach, since Skinner could generate the same revenue by infecting a considerably smaller number of devices. Researchers believe that the complex techniques demonstrated by this new malware will soon be adopted and improved by other adware, so users will need to look for stronger protection tools to stay safe online.
