Your browser is obsolete!

The page may not load correctly.

Android territory

Туманность Андроида

Other issues in this category (22)
  • add to favourites
    Add to Bookmarks

An explosive mixture

Read: 6084 Comments: 2 Rating: 43

Tuesday, August 9, 2016

Myth: For an Android device to get infected, the user has to independently install a malicious application.

Trapped in this illusion, experts (including those who haven't been tricked by fraudsters yet) claim that a handheld doesn’t need an anti-virus—it’s an unnecessary redundancy.

We’re not going to dredge up the numerous incidents of malware being available for download from Google Play and how often users themselves have installed Trojans on their own devices (for more details, refer to the issue “Never trust, always verify!”). Let's get back to discussing vulnerabilities and how Trojans can exploit them to put down roots in a system that is not protected by an anti-virus.


To install a malicious program, attackers use two exploits. One is similar to an exploit from the leaked Hacking Team source code archive (Android libxslt). It is designed to download software onto a device. The second is Towelroot. It exploits the vulnerability CVE-2014-3153 to bypass Android security and escalate its privileges.

The installation of the malware is completely automatic. A compromised or specially designed site containing a JavaScript implementation of the libxslt exploit is used to download the program onto the device.

Android displays no warnings or notifications while the first exploit is performing its tasks and the malware is being installed.

This vulnerability affects Android 4.0.3-4.4.4.

Dr.Web detects the aforementioned vulnerability-exploiting malware as Tool.Rooter.37.origin and Android.Packed.4325.

And that’s not the only problem!

Modern sites use various scripts, plugins, cookies and super cookies. If one attempts to thwart their hidden activities, a pop-up message appears, demanding that they be allowed to continue with their work.


You can close the dialogue box a couple of times, but if you visit the site several times per day, this will get annoying very quickly. Add to that the vulnerabilities that haven't been closed and you'll have an explosive mix on your hands. #Android

The Anti-virus Times recommends

Some device makers do not provide critical updates for some of their devices, and certain Android versions do not receive them either (we discussed the peculiar Android updating policy adopted by Google in the issue Cut adrift). That's why anti-virus protection is necessary for all devices, including handhelds.

But not all protection solutions are equally effective. An anti-virus alone is not enough. Choose Dr.Web Security Space for Android with its extended arsenal of protective features. Surely, the file monitor Dr.Web SpIDer Guard will protect your handheld from all known threats, but it's not enough—there are threats that haven’t yet been added to the Dr.Web virus databases so they can’t be recognised.

The component Security Auditor will determine how vulnerable your device is. Once the Security Auditor tells you what vulnerabilities are in your device's system, you can take precautions to avoid traps set by criminals.

Dr.Web Cloud will prevent you from ending up on bogus sites and thus reduce the risk of accidental infection.


Tell us what you think

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.