Drive-by Android malware silently installs over the web (but you’re probably OK)

There’s only so much you can do to help smartphone users keep their devices secure. You can tell them to keep their apps up to date, or not to download software from unknown sources. You can even teach them how to spot when someone’s trying to trick them into installing something they shouldn’t be. But despite all those efforts, sometimes malware still manages to get a foot in the door, and that’s just what’s happening with a new ransomware attack.

Let’s get one thing out of the way early: this attack only works on Android 4.x devices, so if you’re running a modern platform release, you’re in good shape. Unfortunately, as we’re all too aware, a significant number of users are still on such dated software, likely because their devices never received Lollipop (to say nothing of Marshmallow) updates.

But if you do happen to be using a vulnerable device (this attack in particular goes after ICS and Jelly Bean, but KitKat may also be susceptible), all you have to do to suffer its wrath is visit the wrong website. Do that, and a piece of JavaScript loads a Linux ELF executable, which in turn downloads and installs a ransomware app that demands a payment (in the form of iTunes gift cards) before it will restore functionality to your phone.

The scary bit here is how transparent the malware installation process is – you won’t see any system messages at all as the app quietly installs itself in the background.

Users can recover their devices without paying up by performing a full factory reset – at the cost of losing their data.

Source: Blue Coat Systems
Via: Phandroid

About The Author
Stephen Schenck