Attackers use Hacking Team exploit to drop ransomware

Around a quarter of older Android devices at risk.

Attackers are actively using an exploit leaked last year from Italian spyware vendor Hacking Team to install ransomware that locks users out of their Android devices, researchers have discovered.

Security vendor Blue Coat and Zimperium analyst Joshua Drake have identified an exploit kit that executes malicious JavaScript via booby-trapped advertisements, installing the Cyber.police or Dogspectus ransomware.

The ransomware, which locks older devices running Android Ice Cream Sandwich, Jelly Bean and KitKat versions 4.0.3 to 4.4.4, demands US$200 (A$260), paid in Apple iTunes gift card codes.

No user interaction is required to install the ransomware, which is a first, Blue Coat researcher Andrew Brandt said.

After de-obfuscating the JavaScript, Blue Coat and Drake confirmed that it contains an exploit found in the Hacking Team leak.

The flaw is the "Towelroot" bug in Linux, which was uncovered in 2014. Google patched the bug in Android 4.4.4 but not in older versions of the mobile operating system, leaving just under a quarter of older devices permanently at risk of being infected.

To stay safe from ransomware, the researchers suggested that users with older Android devices back up any data they want to keep to a location outside their devices. Furthermore, people should use a more up-to-date web browser than the one included with their Android devices.

Although the Cyber.police ransomware persists after devices have been reflashed with a newer version of Android, the researchers said that a factory reset wipes it off the device. It is also possible to connect ransomware-locked devices to a computer and copy over data that way.

Copyright © iTnews.com.au . All rights reserved.