Cybercriminals Use Fear of Android Bug to Spread Malware
We have recently seen cybercriminals taking advantage of the previously reported “Android installer hijacking” vulnerability, which affects Android versions 4.3 and older, or roughly half of Android devices, to download malware into user systems. The Android hijacking bug can reportedly shortchange users who download apps from third party app stores into actually downloading malware and give these permissions without their knowledge.
If you have been following network security news closely, you would have also heard of how researchers released a scanner app for Android users to check if this vulnerability affects them. The fear of being vulnerable to this threat has given cybercriminals a way to install malware on user devices.
We found the following sites that show up when users search for the keyword “scanners” for the said flaw:
Screenshot of site that automatically downloads adware on the device
Screenshot of site with persistent pop-up window
Screenshot of suspicious site that redirects users to error pages
[Read: Additional technical details on bad sites that lure Android users to download malware]
This recent social engineering tactic can be considered a test of the readiness of Internet users to anticipate threats, even those who are driven to be mindful of their digital security. Cybercriminals can be quite creative when it comes to creating lures, always taking advantage of topics that strike human interest.
These recent events were also abused to lure users into sharing personal information or downloading threats:
[Read: The Most Popular Social Engineering Lures Used in 2014]
Always be mindful of what you click on when you're online. Cybercriminals will always try to get into your system by leveraging your online activities—which include web surfing, social networking, online shopping, checking emails, online banking, and more. Read more about spotting bad links and avoiding social engineering schemes by checking this guide on “How to Spot Bad Links.”
Be wary of downloading apps from third party sources and always stay updated on the recent threats to mobile safety. Protect both desktop and mobile devices with security solutions that block threats in real time without hampering device performance.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: TargetCompany
- Email Threat Landscape Report: Cybercriminal Tactics, Techniques That Organizations Need to Know
- Preventing an Imminent Ransomware Attack With Early Detection and Investigation
- Inside the Halls of a Cybercrime Business
- Securing Cloud-Native Environments with Zero Trust: Real-World Attack Cases