Experts from security firm Commtouch have analyzed the attacks

Mar 27, 2013 21:41 GMT

By now you probably know that if you receive an email from one of your contacts and it contains nothing but a shady-looking link, you should not click on it. Here’s a fairly new scheme that leverages hijacked Yahoo! accounts to lure users to malicious sites.

Commtouch experts have identified a campaign that starts with a single link sent from a compromised Yahoo! account. If the victim opens the link, they are taken to a hijacked website that’s designed to redirect them to another domain.

These intermediary sites, called “distribution sites,” verify if victims are surfing the web from a PC or an Android smartphone. If a PC is detected, the user is taken to a website advertising shady diets.

If they’re using an Android device, they’re directed to a site that injects code through the web browser, triggering the automatic download of a malicious Android package (.apk) file.

When executed, the .apk unleashes malware (AndroidOS/NotCom.A) that’s designed to steal data.

Additional technical details on AndroidOS/NotCom.A are available on Commtouch’s blog.
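For defenders, the redirect-then-download pattern described above can be hunted in web proxy logs. The following is an added example, not code from Commtouch or from the original article: the log format, hostnames, trusted-host allowlist and 30-second window are all assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import urlparse

APK_MIME = "application/vnd.android.package-archive"
TRUSTED_APK_HOSTS = {"play.google.com"}  # assumption: hosts allowed to serve APKs
WINDOW = 30  # assumption: max seconds between a redirect and the APK fetch

# Constructed sample log: epoch client status content-type url "user-agent"
SAMPLE_LOG = '''\
1364420460 10.0.0.5 302 text/html http://hijacked.example/link "Mozilla/5.0 (Linux; U; Android 4.0.4; GT-I9100)"
1364420461 10.0.0.5 200 application/vnd.android.package-archive http://dist.example/update.apk "Mozilla/5.0 (Linux; U; Android 4.0.4; GT-I9100)"
1364420470 10.0.0.9 302 text/html http://hijacked.example/link "Mozilla/5.0 (Windows NT 6.1)"
1364420471 10.0.0.9 200 text/html http://diet.example/ "Mozilla/5.0 (Windows NT 6.1)"
1364420500 10.0.0.7 200 application/vnd.android.package-archive http://play.google.com/app.apk "Mozilla/5.0 (Linux; Android 4.1)"
'''

LINE = re.compile(r'(\d+) (\S+) (\d{3}) (\S+) (\S+) "([^"]*)"')

def find_driveby_apk(log_text):
    """Flag APK responses served to Android browsers by untrusted hosts,
    and note the redirect that preceded them for the same client, if any."""
    last_redirect = {}  # client -> (timestamp, url) of most recent 3xx response
    alerts = []
    for raw in log_text.splitlines():
        m = LINE.fullmatch(raw.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        ts, client, status, ctype, url, ua = m.groups()
        ts, status = int(ts), int(status)
        if 300 <= status < 400:
            last_redirect[client] = (ts, url)
            continue
        parsed = urlparse(url)
        is_apk = ctype.lower() == APK_MIME or parsed.path.lower().endswith(".apk")
        if not (is_apk and "android" in ua.lower()):
            continue
        if (parsed.hostname or "") in TRUSTED_APK_HOSTS:
            continue
        prev = last_redirect.get(client)
        via = prev[1] if prev and ts - prev[0] <= WINDOW else None
        alerts.append({"client": client, "apk_url": url, "redirected_from": via})
    return alerts

if __name__ == "__main__":
    for alert in find_driveby_apk(SAMPLE_LOG):
        print(alert)
```

The PC visitor in the sample is not flagged because it receives only HTML, which matches the device-dependent branching the article describes.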