Security News > 2021 > January > 'LuckyBoy' Malvertising Campaign Hits iOS, Android, XBox Users
A recently identified malvertising campaign targeting mobile and other connected devices users makes heavy use of obfuscation and cloaking to avoid detection.
Dubbed LuckyBoy, the multi-stage, tag-based campaign is focused on iOS, Android, and Xbox users.
Since December 2020, it penetrated over 10 Demand Side Platforms, primarily Europe-based, with observed campaigns impacting users in the U.S. and Canada.
LuckyBoy was observed operating in bursts: small campaigns are launched on Thursday nights, with only a few compromised tags, and continue throughout the weekend.
Multiple checks are performed as the campaign advances through stages, with extensive code obfuscation and domain exclusion employed, and device-specific information extracted.
"LuckyBoy is likely executing tests, probing to gauge their success before launching a broader attack. Campaign was confirmed to execute on tags wrapped with malware blocking code, bypassing these defenses as further evidence that its sophistication is impressive," The Media Trust notes in a report shared with SecurityWeek.