Cybersecurity experts reported the detection of a sophisticated malvertising campaign. Dubbed “LuckyBoy”, the operators rely on strong obfuscation and cloaking to avoid detection by security solutions in iOS, Android and even Xbox systems. First detected in December 2020, this campaign is constantly growing in the U.S. and abroad.
As per a report by security firm Media Trust, the malware first analyzes the target system looking for blockers, sandbox environments or debuggers; in case of finding some of these tools, LuckyBoy will terminate itself. On the other hand, when running on a vulnerable system, the malware executes a tracking pixel programmed to redirect victims to phishing websites or malicious software updates.
Instead of deploying a massive spreading campaign, LuckyBoy operators prefer small attacks launched each Thursday night. During one of these operations experts analyzed its code, detecting the extensive obfuscation and domain exclusion techniques. This malware is able to collect target device’s data such as country code, graphics information, number of CPU cores, battery details, plugins, among other details that may be useful for further attacks.
As if this is not enough, LuckyBoy is constantly performing system scanning, thus the operators can be sure that the malware can still persist on the target system. If one of these scanning detects the presence of any of the previously mentioned security measures, the scripts will stop running and the malware will find its own way out the target system.
The experts also think that the malware operators are using LuckyBoy to conduct tests before launching a massive hacking campaign: “The developers of this malware are able to bypass complex defense solutions and could become even more sophisticated”, the Media Trust report mentioned. Microsoft, Android and Apple have already been alerted so they can take the appropriate security measures regarding this malvertising campaign.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.