Old Versions of Android Vulnerable to Malvertising Ransomware Attack

Although Google continually works to make each version of its Android operating system more secure, users of older versions of Android remain vulnerable to attack. Attackers have been found using two known exploits that affect older versions of Android to install malware when the user visits a website containing a malicious advert.

Researchers from Blue Coat Systems detected the new use of these exploits recently when one of their test devices, a Samsung tablet running CyanogenMod 10.1 based on Android 4.2.2, was struck by a drive-by download that installed a piece of ransomware after visiting a website with a malicious advert. Closer analysis by a team from Zimperium found that the advert in question contained JavaScript code capable of leveraging an exploit in libxslt, one of the vulnerabilities leaked last year from Hacking Team.

If the advert succeeds in executing its code, it deposits an ELF executable named module.so that uses another exploit, known as Towelroot, to gain root access to the device. Towelroot is then capable of downloading and silently installing a ransomware-infected APK file such as Dogspectus or Cyber.Police. These apps don’t encrypt user files on the device; instead, they bring up warnings stating that illegal activity has been detected on the device and that the user must pay a fine. The device is then blocked from performing any other activities until the fee is paid or the device is factory reset.

“This is the first time, to my knowledge, an exploit kit has been able to successfully install malicious apps on a mobile device without any user interaction on the part of the victim,” Andrew Brandt, director of threat research at Blue Coat, said in a blog post. “During the attack, the device did not display the normal ‘application permissions’ dialog box that typically precedes installation of an Android application.”

Upgrading Android is always recommended to avoid these kinds of security threats. Even where this is not an option, installing other apps such as up-to-date web browsing apps can protect a user from these kinds of drive-by downloads.

Alexander Neil
