Observing the activities of several groups cybercrime, researchers from Kaspersky Lab noticed on infected websites unusual activity is a danger to users of Android version 4.1 or earlier. Devices with Android versions are infected when opening properly prepared web page – without any involvement from the user.
Infect Android devices is much harder than putting a malicious program on a typical computer – in most cases the installation of mobile applications requires confirmation of the owner of the device. However, vulnerabilities in older versions of Android can afford to bypass this protection. During his study, experts from Kaspersky Lab found that such cases take place and are implemented using malicious scripts placed by the attackers on the web. These scripts provide a set of special instructions to execute in the web browser embedded in the code of the infected web page. Dangerous activity has been identified by researchers at Kaspersky Lab in the analysis of malicious behavior – experts noted that the code cybercriminal website looking for devices running under the old version of Android. Then detected two more suspicious scripts. The first one can send SMS to any mobile phone number, and the other writes to the SD card unit attacked a Trojan that can capture and send SMS messages. Detected scripts can carry out its activities independently of the will of the user of the system Android to the device has been infected, the user only needs to enter the site crafted by cybercriminals. action scripts is possible as a result of the harmful cyber tools using several vulnerabilities in Android versions 4.1.xi elderly – in particular CVE-2012-6636, CVE-2013-4710 and CVE-2014-1939. All three vulnerabilities were patched by Google between 2012 and 2014, but the risk of their use still exists. Due to the features of the Android ecosystem, many manufacturers of devices based on this operating system too slow to provide necessary security updates. For more information on attacks on Android devices implemented with the use of malicious scripts on web pages is official website .