Security Researchers from WebRoot has found that cyber criminals compromising the legitimate websites for spreading their malwares. One of the popular Bulgarian websites for branded watches has been compromised and redirects to malicious page.
The malicious page serves the premium rate SMS Android malware when user visits from their android devices.
The same cyber criminals also involved in few other campaigns. In one of the campaign, they lure Russian-speaking users into installing fake Adobe Flash player.
The other campaigns include fake Android browser as a social engineering theme and fake Google Play.
When the malicious app is being executed, the malware collects information such as IMEI, brand, operator, IMSI and sends it back to remote server.