A ransomware exploit kit has been discovered by researchers that can install malicious apps on an Android devices without any user interaction from the victim's side. While malware attacks generally take place when a user installs an APK or performs a specific action, this exploit can be carried out by just visiting certain websites and one could be infected.
The attack is a combination of exploits that affect at least two critical vulnerabilities in Android versions 4.0 (Ice Cream Sandwich) until 4.3 (Jelly Bean). Devices running Android 4.4 (KitKat) may also be infected according to the report, possibly by exploiting a different set of vulnerabilities.
As per a report from Google released in April, the company gives a breakup of its OS user base, indicating that the most widely used was Android 5.0 Lollipop. In this context what is alarming is that more than half of all Android devices, precisely 56.9%, according to this data are vulnerable to this ransomware as they run on the older versions of Android which are at risk.
The team tested the vulnerability on an older Samsung tablet running the Cyanogenmod 10 version of Android 4.2.2. According to them while some of the domains in the network from which the attack originated are less than a month old, there is a possibility these attacks may have been going on since mid-February or even earlier.
Remedy if a device is infected
While conducting tests on devices which were infected with this malware, the researchers found a way to get rid of it. It's quite simple. Just do a factory reset, which will delete any applications installed by the device's user. Of course, make sure you have back up of your data before conducting the reset. And make sure you do not back it up on the phone's memory card itself, find another place like your PC or an external drive.