
Ransomware Can Infect Android Devices Without Any User Interaction
Hacking Team and Towelroot exploits combined to deliver ransomware to Android devices via malvertising

Today, researchers have discovered a new mobile malware distribution campaign that does not require any type of user interaction in order to infect devices with ransomware.

The infection occurs when users visit a website that contains tainted JavaScript code. Blue Coat Labs says the malicious code is delivered via malicious ads (malvertising).

Security researchers from Zimperium have confirmed that the malicious code contained an exploit leaked last year in the Hacking Team data breach.

Malvertising hits Android devices:

The exploit leverages a vulnerability in the libxslt Android library to allow attackers to download a Linux ELF binary called on the device.

This binary uses the Towelroot Android exploit (also the name of a rooting toolkit) to get root privileges on the device. Once root access is ensured, will also download an additional Android APK, which contains the ransomware code.

With root access in hand, the attacker can silently install the ransomware without prompting the user for any permissions.

Ransomware targets mainly older Android devices:

The name of this ransomware trojan is Cyber.Police, and it was first detected back in December 2014. Compared to desktop-based ransomware that encrypts files, Cyber.Police only locks the user's screen and asks them to buy two Apple iTunes gift cards worth $100 each.

Even if Apple tracks iTunes gift cards, these can be used as virtual currency on the underground hacking market and passed around for years between numerous individuals before being used.

Blue Coat Labs says that infected victims send unencrypted traffic from their device to a central command and control server. The company was able to track traffic coming from 224 different Android device models (tablets, smartphones), using Android versions between 4.0.3 and 4.4.4.

The lowest officially supported version of Android is 4.4.4, meaning attackers are targeting users who have failed to upgrade or cannot upgrade their devices.

"The fact that some of these devices are known not to be vulnerable specifically to the Hacking Team libxslt exploit means that different exploits may have been used to infect some of these [other] mobile devices," Andrew Brandt of Blue Coat notes.

How to get rid of Cyber.Police:

In case you find yourself infected with the Cyber.Police Android ransomware, Blue Coat says that they've managed to remove the malware after resetting the device to factory settings.

Before going through a factory reset, users should connect the device to their PC and copy personal data to their computer.

Upgrading to a newer version of Android did not help because Cyber.Police was installed as a normal application, and Android updates keep apps intact while upgrading.
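
For defenders who want to know which devices on their own network fall in the Android 4.0.3 to 4.4.4 range reported above, the following is an added example (not part of the original post and not Blue Coat's tooling) that triages web proxy logs by User-Agent. The tab-separated log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Android versions Blue Coat saw in traffic to the C2 server (per the post).
REPORTED_MIN = (4, 0, 3)
REPORTED_MAX = (4, 4, 4)

# Platform token of an Android browser User-Agent; locale field is optional.
UA_ANDROID = re.compile(
    r"Android (\d+(?:\.\d+)*);\s*"
    r"(?:[a-z]{2}[-_][A-Za-z]{2};\s*)?"
    r"([^;)]+?)\s+Build/"
)

def android_info(user_agent):
    """Return ((major, minor, patch), model), or None if not an Android UA."""
    m = UA_ANDROID.search(user_agent)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")][:3]
    parts += [0] * (3 - len(parts))  # "4.4" is compared as 4.4.0
    return tuple(parts), m.group(2)

def in_reported_range(version):
    # Tuple comparison keeps ordering numeric rather than lexical.
    return REPORTED_MIN <= version <= REPORTED_MAX

def triage(log_lines):
    """Return sorted (client, model, version) for devices in the reported range."""
    hits = set()
    for line in log_lines:
        client, _, ua = line.partition("\t")
        info = android_info(ua)
        if info and in_reported_range(info[0]):
            hits.add((client, info[1], ".".join(map(str, info[0]))))
    return sorted(hits)

# Constructed sample input: "<client ip>\t<User-Agent>" per line.
SAMPLE_LOG = [
    "10.0.0.11\tMozilla/5.0 (Linux; U; Android 4.0.3; en-us; HTC Sensation Build/IML74K) AppleWebKit/534.30",
    "10.0.0.12\tMozilla/5.0 (Linux; Android 4.4.4; Nexus 5 Build/KTU84P) AppleWebKit/537.36",
    "10.0.0.13\tMozilla/5.0 (Linux; Android 5.1.1; Nexus 6 Build/LMY47Z) AppleWebKit/537.36",
    "10.0.0.14\tMozilla/5.0 (Linux; U; Android 4.0.2; en-us; Galaxy Nexus Build/ICL53F) AppleWebKit/534.30",
    "10.0.0.15\tMozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36",
    "10.0.0.16\tMozilla/5.0 (Linux; Android 4.4; Nexus 7 Build/KRT16M) AppleWebKit/537.36",
]

if __name__ == "__main__":
    for client, model, version in triage(SAMPLE_LOG):
        print(f"{client}\t{model}\tAndroid {version}")
```

User-Agent strings are client-supplied, so treat the output as a list of devices to check against an authoritative inventory, not as proof of exposure or infection.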

