A new one was recently discovered malvertising campaign targeting users mobile and other connected devices and uses effective methods to avoid detection. THE malvertising campaign with the name "LuckyBoy" focuses on users iOS, Android and Xbox and it is one multi-stage tag-based campaign.
Since December 2020, it has penetrated more than 10 Demand Side Platforms (DSPs), mainly in Europe, but victims have also been identified in USA and Canada.
According to Media Trust, the malware used controls a global variable "luckyboy“, Which allows him to detects if there are blockers, testing environments and active debuggers on the target Appliances. If any of the above is detected, the malware will not run.
If, however, the field is "clean", the malware will execute one tracking pixel, which has programmed to redirect the user to malicious content (eg phishing pages and fake software updates).
LuckyBoy is made in stages. Small campaigns start on Thursday nights and continue throughout the weekend.
The data of the device collected include: country code, graphic information, CPU kernel number, battery level, current domain, plugins, webdriver presence and more.
Malware constantly checks to ensure that the value of the global variable remains "luckyboy". Otherwise, the script stops running.
"LuckyBoy is probably testing, looking at the chances of success before launching a wider attack“. It's a tag-based malvertising campaign, with malware blocking code, to bypass these defenses. "This is further proof that its complexity is impressive", Notes The Media Trust.