According to MediaTrust, mobile users were targeted in order to fingerprint their devices for future attacks. The cross-platform malvertising campaign, LuckyBoy, has been using digital advertising to propagate and to target users of mobile and other connected devices. The attack gets past malware-blocking tools and has been confirmed on iOS, Android, and Xbox devices. First detected in early December, LuckyBoy quickly escalated to penetrate more than 10 smaller, primarily Europe-based Demand Side Platforms (DSPs), with campaigns affecting U.S. and Canadian users.
The malware uses multiple cloaking tactics that detect the presence of blockers, testing environments, and active debuggers. It ensures that it does not run while any of these is active by checking for a global variable with the value of “luckyboy”. When the correct environment is identified, the cloaked malware executes a tracking pixel and then redirects to malicious content, such as phishing content and fake software updates.