Blue Coat Labs specialist Andrew Brandt has discovered a new malicious program that infects devices running older versions of Android (Android 4.0 through Android 4.4). The malicious code, called Cyber.Police, is downloaded from web pages that the user visits.
The hostile application installs itself on the device without any interaction from the owner and without displaying the “permission to run the application” dialog box that usually precedes the installation of Android apps.
The attackers were able to build this malware by using Hacking Team tooling, which became available after the company was breached. Joshua Drake, an analyst at Zimperium, confirmed that the Towelroot exploit uses the same code that was stolen from Hacking Team. He also noted that the malware contains the futex code (the same Towelroot), which was first described in late 2014.
Device infection proceeds as follows. After the user visits a web page, pop-up windows appear on the device's screen, and the user cannot close them. The user is told that the device has been “blocked by the authorities” and that it can be unlocked in only one way: by paying a fine. Interestingly, the payment must be made with iTunes gift certificates, a trick that lets the attackers avoid using a personal bank account. Although Apple representatives monitor gift cards, hackers have used them as a kind of currency for many years.
From the expert's point of view, the infection mechanism is as follows. Malicious JavaScript is embedded in advertising on the site. Code stolen from Hacking Team attacks a vulnerability in the libxslt library, and as a result a Linux ELF binary, module.so, is loaded onto the device. This ELF payload is recognized by only two antivirus vendors. It is this payload that obtains root privileges, which allow it to install a malicious application containing the Cyber.Police Trojan.
The malware is also dangerous because some devices running the Android platform may remain at risk for years, until they receive a new version of the software. This applies primarily to so-called media players: cheap playback gadgets that can work normally for a long time without receiving updates, but whose use carries a serious risk of device infection.
However, “beating” the Cyber.Police malware is easy: simply reset the device to factory settings, after first connecting the affected device to your computer to save all required data.