Malvertising: Exploit Kit pushes Ransomware to Android devices | #android | #security


It isn’t Ransomware in the traditional sense, as there’s no encryption, but Android devices are being targeted by malware that hijacks mobile advertisements to scam gift cards, researchers at Blue Coat Labs discovered.

The Ransomware, called Dogspectus by Blue Coat, holds the device in a locked state where it can’t be used for anything other than to make payment. In this case, the demands are $200 in iTunes gift cards. Blue Coat Labs researchers discovered the attack after a tablet running CyanogenMod 10 / Android 4.2.2 viewed a malicious advertisement.

The malicious ad installed the payloads silently with no user interaction. This was possible because the Exploit Kit managing the campaign used a previously leaked Hacking Team exploit (lbxslt) to deliver an Android exploit (Towelroot), which in turn installs the Ransomware.

“This is the first time, to my knowledge, an exploit kit has been able to successfully install malicious apps on a mobile device without any user interaction on the part of the victim,” said Blue Coat’s Andrew Brandt.

“The commoditized implementation of the Hacking Team and Towelroot exploits to install malware onto Android mobile devices using an automated exploit kit has some serious consequences. The most important of these is that older devices, which have not been updated (nor are likely to be updated) with the latest version of Android, may remain susceptible to this type of attack in perpetuity.”

The attack targets the 4.x branch of Android, and Blue Coat says at least 224 devices communicated with the servers running the Ransomware campaign. All of them were running Android versions with a range between 4.0.3 and 4.4.4. Android devices on the 5.x or 6.x branch are not affected, Blue Coat says.

Copyright © 2016 IDG Communications, Inc.



Original Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

forty − = thirty nine