Active drive-by exploits critical Android bugs, care of Hacking Team

  • 25 April 2016
  • 4 replies

Userlevel 7

Hostile JavaScript delivered through ads installs ransomware on older Android phones.

by Dan Goodin - Apr 25, 2016
 
 
An ongoing drive-by attack is forcing ransomware onto Android smartphones by exploiting critical vulnerabilities in older versions of Google's mobile operating system still in use by millions of people, according to research scheduled to be published Monday.
 
The attack combines exploits for at least two critical vulnerabilities contained in Android versions 4.0 through 4.3, including an exploit known as Towelroot, which gives attackers unfettered "root" access to vulnerable phones. The exploit code appears to borrow heavily from, if not copy outright, some of these Android attack scripts, which leaked to the world following the embarrassing breach of Italy-based Hacking Team in July. Additional data indicates devices running Android 4.4 may also be infected, possibly by exploiting a different set of vulnerabilities.
 

4 replies

Userlevel 7
This sounds pretty bad for users using the older Android OS. Why wouldn't Google patch all these Androids? A large percentage will never see the update. :@
Userlevel 7
The problem is, I suspect, Sherry, that many of the phones you speak of are running a non-vanilla version of Android, i.e., tweaked by the phone providers or networks in an attempt to outdo each other...and as a result a vanilla version of a new Android OS cannot be installed until the aforementioned phone providers or networks update their 'versions' too.
 
In the end don't go for a customised version of Android...stick with someone who provides a vanilla implementation...more boring perhaps but at least one can update it when Google provide an update. ;)
Userlevel 7
It appears the name for that ransomware is Dogspectus. I wonder who gives them these crazy names and why.
 
April 26, 2016  By Pierluigi Paganini
 

Blue Coat spotted a new ransomware-based campaign serving the Dogspectus malware. Crooks combined a Hacking Team exploit and the Towelroot exploit.

 
Security experts at Blue Coat have spotted a new campaign spreading an Android ransomware dubbed Dogspectus. The malicious code hijacks mobile advertisements to scam gift cards; it locks the device in a state that allows only victims to make payment.
 
Userlevel 7
I suspect that it is a reflection on their warped minds & sense of importance...LOL
