News

Old Versions of Android Vulnerable to Malvertising Ransomware Attack

While Google continually works hard in order to make each version of their Android operating system more and more secure, users of older versions of Android are still left vulnerable to attack. It has been discovered that attackers have been making use of two known exploits that exist on older versions of Android in order to install malware when the user visits a website containing a malicious advert.

Researchers from Blue Coat Systems were responsible for detecting the new use of these exploits recently when one of their test devices, a Samsung tablet running CyanogenMod 10.1 based on Android 4.2.2, was struck with a drive-by download that installed a piece of ransomware after visiting a website with a malicious advert. On closer analysis by a team from Zimperium, it was found that the advert in question contained JavaScript code that was capable of leveraging an exploit in libxslt which was one of the vulnerabilities leaked last year from Hacking Team.

If the advert is successful in executing its code, it deposits an ELF executable named module.so that makes use of another exploit known as Towelroot in order to gain root access to the device. Towelroot is then capable of downloading and silently installing a ransomware-infected APK file such as Dogspectus or Cyber.Police. While these apps don’t encrypt user files on the device, they instead bring up warnings stating that illegal activity has been detected on the device and the user must pay a fine. The device is then blocked from performing any other activities until the fee is paid or the device is factory reset.

“This is the first time, to my knowledge, an exploit kit has been able to successfully install malicious apps on a mobile device without any user interaction on the part of the victim,” Andrew Brandt, director of threat research at Blue Coat, said in a blog post. “During the attack, the device did not display the normal ‘application permissions’ dialog box that typically precedes installation of an Android application.”

It is always recommended to upgrade Android in order to avoid these kinds of security threats, however, even if this is not an option, installing other apps such as up-to-date web browsing apps can allow a user to be protected from these kinds of drive-by downloads.

Alexander Neil

Disqus Comments Loading...

Recent Posts

Still Wakes the Deep 

LIVE THE HORROR: An immersive disaster story aboard a stunningly realised North Sea oil rig,…

1 hour ago

PHILIPS 275V8LA – 27 Inch QHD Monitor

The Philips VA LED display uses an advanced multi-domain vertical alignment technology that gives you…

1 hour ago

EPOMAKER Ajazz AK820 Pro 75% Gasket-mounted Mechanical Keyboard 

【TFT Screen: The Interactive Interface】This 75% mechanical keyboard comes equipped with a TFT Screen, serving…

1 hour ago

Funko Fusion

FANDOM FUSION Play as your favorite characters and wield their unique weapons and skills. Team…

1 hour ago

Shin Megami Tensei V: Vengeance Standard Edition

The Definitive Version of Shin Megami Tensei V - Fully evolved with stunning visuals for…

1 hour ago

Hand Warmers Rechargeable 2 Pack

【Unique Split Design】5200mAh hand warmers rechargeable together with double-sided heating function, split snap swivel design,…

1 hour ago