Android malware spreads through compromised legitimate Web sites

Over the past 24 hours, our sensor networks picked up an interesting website infection affecting a popular Bulgarian website for branded watches, which ultimately redirects and downloads premium rate SMS Android malware on the visiting user devices.

Image source: Article
The affected Bulgarian website is only the tip of the iceberg, based on the diversified portfolio of malicious domains known to have been launched by the same party that launched the original campaign.

The first variation of the campaign attempts to trick Russian-speaking users into installing a fake version of Adobe’s Flash Player, followed by a second campaign using a fake Android browser as a social engineering theme, and a third campaign which is attempting to trick mobile users into thinking that it’s a new version of Google Play.

Read more about this attack.