LuckyBoy Operators Attack iOS, Android and Xbox Users


Cybercriminals have launched a malicious ad campaign targeting users of mobile and other web-connected devices. The operators of the campaign, dubbed LuckyBoy, are targeting iOS, Android and Xbox users. Since December 2020, they have infected more than 10 automated purchasing systems (Demand-Side Platforms, DSPs), mostly in Europe.


According to experts from The Media Trust, the malware checks the global variable luckyboy, which allows it to determine whether blockers, test environments and active debuggers are present on the device. If they are found, the malware will not start. Otherwise, it launches a tracking pixel programmed to redirect the user to malicious content, including phishing pages and fake software updates.


According to experts, LuckyBoy operators are active during certain periods: they launch small campaigns on Thursday evenings and continue throughout the weekend.


As the campaign progresses through its stages, it performs multiple checks using extensive code obfuscation and domain exclusion, and steals information about specific devices, including country code, window size, graphical information, number of CPU cores, battery level, current domain, plugins, the presence of web drivers and touch input. This information c
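For teams that review ad creatives, the device attributes listed above can be turned into a simple static triage check. The following is an added example, not code from The Media Trust or from the campaign: `SIGNALS`, `normalize` and `triageCreative` are hypothetical names, the mapping from each attribute to a standard browser API is an assumption, and both sample scripts are constructed.

```javascript
// Added example: static triage of ad-creative JavaScript for the signals the
// article lists. API names are assumed standard browser properties, not strings
// recovered from LuckyBoy samples.
const SIGNALS = {
  campaignGlobal: /\bluckyboy\b/i, // global variable named in the article
  cpuCores: /\bhardwareConcurrency\b/,
  battery: /\bgetBattery\b/,
  webdriver: /\bwebdriver\b/,
  touchInput: /\bmaxTouchPoints\b|\bontouchstart\b/,
  plugins: /\bnavigator\s*\.\s*plugins\b/,
  windowSize: /\b(?:inner|outer)(?:Width|Height)\b/,
  graphics: /WEBGL_debug_renderer_info|UNMASKED_RENDERER_WEBGL/,
  currentDomain: /\blocation\s*\.\s*host(?:name)?\b|\bdocument\s*\.\s*domain\b/,
};

// Undo trivial hiding: \xNN and \uNNNN escapes, and "a" + "b" literal splits.
function normalize(src) {
  const decode = (_, hex) => String.fromCharCode(parseInt(hex, 16));
  return src
    .replace(/\\x([0-9a-fA-F]{2})/g, decode)
    .replace(/\\u([0-9a-fA-F]{4})/g, decode)
    .replace(/(["'])\s*\+\s*\1/g, "");
}

// Flag a creative that references the campaign global, or that probes at
// least `threshold` distinct device/environment attributes.
function triageCreative(src, threshold = 4) {
  const text = normalize(src);
  const hits = Object.keys(SIGNALS).filter((k) => SIGNALS[k].test(text));
  const probes = hits.filter((k) => k !== "campaignGlobal").length;
  return { hits, flagged: hits.includes("campaignGlobal") || probes >= threshold };
}

// Constructed samples, not real campaign code.
const SUSPECT = `
  if (!window.luckyboy) {
    var n = navigator, p = [n["hardware" + "Concurrency"], navigator.plugins.length,
      n["\\x77ebdriver"], n.maxTouchPoints, window.innerWidth, location.hostname];
    n.getBattery().then(function (b) { p.push(b.level); });
  }`;
const BENIGN = `
  var w = window.innerWidth;
  if (navigator.maxTouchPoints > 0) { enableSwipe(w); }`;

console.log(triageCreative(SUSPECT));
console.log(triageCreative(BENIGN));
```

Because the article describes extensive code obfuscation, a clean result from string matching like this is inconclusive; it is a first-pass filter ahead of dynamic analysis, not a verdict.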
