Outdated Android Devices Infected with Dogspectus Ransomware Through Malvertising Attack

Posted: April 26, 2016

Ransomware has become a pandemic that has reached across multiple platforms, now including devices running older versions of Android.

Cybercrooks are using known exploits in older versions of Android to install ransomware. Taking advantage of these exploits is seemingly simple for attackers because the popular mobile operating system has several security holes. Devices running outdated versions of Android are more susceptible to malicious attacks, just as outdated Windows PCs have countless exploits that can be used to install malware.

On mobile devices, ransomware hasn't had much of a presence. Some attackers are now finding it rather easy to attack older versions of Android through vulnerabilities, using a new Android drive-by download attack method. Simply put, an outdated Android device may visit a webpage that displays a malicious ad, and once the ad is clicked the device is redirected to install ransomware. The practice of distributing malicious advertisements is known as malvertising.

Researchers from Blue Coat Systems uncovered the ability for attackers to use exploits on Android devices to install ransomware, which is a first for such a platform. Exploit kits have long been a method for installing malware, including recent ransomware threats, onto Windows computers. However, mobile devices were never affected by the proliferation of exploit kits. Blue Coat claims that these attacks precede the installation of an Android app on an attacked device.

Compromising an Android device is nothing new. Looking at what attackers can accomplish with exploit kits, a module by the name of Towelroot has been identified as the culprit in an attack on outdated Android devices. The Towelroot threat, first published in 2014, is able to stealthily download and install an APK (Android Application Package) that has been identified as ransomware. From there, the ransomware, dubbed Cyber.Police or Dogspectus, displays a fake warning that claims to be from law enforcement and purports to have detected illegal activity on the Android device. It then asks for a fine that must be paid to unlock the affected Android device.

The actions of the Cyber.Police or Dogspectus ransomware are much like those of ransomware from many years ago: threats that do not encrypt data but rely on a fake warning from law enforcement to scare users into paying a fine. As expected, the Android device is locked and cannot be used until the fine is supposedly paid. The ransomware does provide a second option, however: to wipe all files from the device.

Use of exploits like Towelroot is not entirely malicious when you consider that some Android users are apt to use exploits to root their devices and remove certain restrictions. Additionally, the Android operating system is inherently open, allowing users to root apps and obtain countless third-party content and apps.

The simple task of updating Android devices to the latest Android operating system appears to be the recommended takeaway from malicious advertisements attacking outdated devices. While such a task should be a given, many Android device users are slow to perform upgrades and could be putting themselves at unnecessary risk of ransomware.