Dogspectus Android Ransomware Infects Old Android Devices

Ransomware has become the most severe threat of the time. Its reach keeps expanding, one attack after another. Ransomware is now using an exploit kit to hit Android devices running 4.x versions of the operating system.

What is Ransomware?

For all those who aren’t yet aware of this threat: it is malware that encrypts or locks a computer, its files or its browser and demands a ransom in exchange for the decryption key. So far, ransomware has hit hospitals, schools, government and private organizations, and private users. Its new target is Android devices running older versions.

Blue Coat, a US security company, has recently reported that Dogspectus ransomware uses an exploit kit that installs it silently in the background on the victim’s phone or tablet. The security company detected the Dogspectus attack on an Android device during lab testing, where they found hostile JavaScript to be the primary gateway.

What is Dogspectus Ransomware?

Dogspectus is new malware designed for Android devices. It is delivered to an Android device through JavaScript or malicious advertisements published on several porn websites. Unlike other ransomware, it doesn’t encrypt any data but simply locks the phone and demands a ransom. The victim loses all access to the phone, and the only option offered is to pay the ransom.

It usually asks for the ransom in the form of two $100 Apple iTunes gift card codes. This mode of payment is unusual for ransomware, which so far has relied on untraceable payment methods. iTunes gift card codes, however, are traceable and can help identify the criminal. With Apple’s assistance, the user of a card code can easily be traced, which may help further investigation.

Dogspectus is the only Android ransomware that breaks out without user interaction. It gets installed silently on the device without any prior notice. Android devices that are still running 4.x versions and use the built-in browser app are the target of Dogspectus. Another route of infection is certain porn websites that contain malicious advertisements.

How Does Dogspectus Infect Android?

Dogspectus looks for an exploitable weakness in the phone so that it can get in without any hurdle. The ransomware doesn’t display any “application permission” dialog box and proceeds straight to installation. It then uses Towelroot, which installs the ransomware and gains access to the phone. Towelroot is an exploit application that helps in rooting a device. Rooting gives access to all files and directories on a device.

The JavaScript that Dogspectus uses contains an exploit against libxslt (a library), which was also used earlier by Hacking Team. The payload of the exploit contains the code for the “futex” or “Towelroot” exploit, which was first revealed at the end of 2014.

This is the first time that any ransomware has attacked a device without involving the user. This means that even a user who only uses an Android phone for routine activities may unknowingly let ransomware onto it.

Devices Infected by Dogspectus Ransomware:

Dogspectus has been reported to infect up to 224 unique devices running Android versions between 4.0.3 and 4.4.4. This report can be called partial because not all HTTP traffic requests have been traced. These devices have communicated with the command-and-control servers since February this year.
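To find devices in the version range reported above from web proxy logs, the following added example (not code from this page or from Blue Coat) classifies User-Agent strings. The function names, the `ip<TAB>user-agent` log format and the stock-browser heuristic are assumptions made for illustration.

```python
import re

# Affected range as reported on this page: Android 4.0.3 through 4.4.4.
AFFECTED_MIN, AFFECTED_MAX = (4, 0, 3), (4, 4, 4)
ANDROID_RE = re.compile(r"Android (\d+(?:\.\d+){0,2})")

def android_version(user_agent):
    """Return the Android version in a User-Agent as a 3-tuple, or None."""
    match = ANDROID_RE.search(user_agent)
    if match is None:
        return None
    parts = [int(p) for p in match.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))  # "4.4" -> (4, 4, 0)

def classify(user_agent):
    """Return 'not-android', 'ok', 'affected-os' or 'affected-os+stock-browser'."""
    version = android_version(user_agent)
    if version is None:
        return "not-android"
    if not AFFECTED_MIN <= version <= AFFECTED_MAX:
        return "ok"
    # Assumption (heuristic): the built-in browser sends "Version/x" without a
    # "Chrome/" token; Chrome and Chromium-based WebViews include "Chrome/".
    if "Version/" in user_agent and "Chrome/" not in user_agent:
        return "affected-os+stock-browser"
    return "affected-os"

def triage(log_lines):
    """Map client IP -> worst verdict for lines of 'ip<TAB>user-agent'."""
    flagged = {}
    for line in log_lines:
        ip, _, user_agent = line.partition("\t")
        verdict = classify(user_agent)
        if verdict.startswith("affected") and flagged.get(ip) != "affected-os+stock-browser":
            flagged[ip] = verdict
    return flagged

# Constructed sample log lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    "192.0.2.10\tMozilla/5.0 (Linux; U; Android 4.2.2; en-us; GT-I9505 Build/JDQ39) "
    "AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30",
    "192.0.2.11\tMozilla/5.0 (Linux; Android 4.4.4; Nexus 5 Build/KTU84P) "
    "AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.89 Mobile Safari/537.36",
    "192.0.2.12\tMozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) "
    "AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.89 Mobile Safari/537.36",
]

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

User-Agent strings are supplied by the client, so treat a hit as an inventory lead to confirm on the device itself.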

Ways to Protect Against Dogspectus Android Ransomware:

Ransomware usually leaves the victim in a vulnerable state, with no alternative at hand. The victim has to pay the ransom after being attacked by the malware. So far, no fix has been recommended against ransomware. But recovery actions can be taken for Dogspectus. Follow the ones below.

Factory Reset your Android Phone:

A factory reset can be performed even if the phone is locked or switched off. Just follow these steps.

  • Switch off your device.
  • Press and hold the volume up and power buttons together until your device turns on.
  • Press the volume down button to select “Recovery Mode”. If you aren’t directed to “Recovery Mode”, use volume up to move the arrow and then volume down to select the mode.
  • An image of an Android robot with a red exclamation mark will appear on the screen with the text “No Command”.
  • While holding down the power button, press the volume up button and release it.
  • Use the volume up and down buttons to scroll to the “wipe data/factory reset” option and the power button to select it.
  • Scroll down and press the power button to select the “Yes- erase all user data” option.
  • Your phone will be formatted and the ransomware will be deleted from it.

Note: A factory reset will erase all the data on your phone along with the ransomware. Please make sure that you don’t have any valuable data on the phone before you run a factory reset.

Update your Device:

Operating system updates are regularly made available for Android. Please ensure that your device is not running an older Android version. You can check your operating system version in your phone settings. Go to Settings and tap the ‘About Phone’ option. Your phone’s Android version and system update options are listed there. Tap on them and take the necessary action.

Backup all your Data:

A data backup keeps all files and documents in a safe place. This is one of the preventive steps against ransomware. Protect all your data with secure alternatives such as cloud backup. An application like Right Backup Anywhere will do this work swiftly for you. Upload any file or document to the cloud using the app at any time, from anywhere. Right Backup Anywhere ensures smooth data sharing and saving.
