Attackers are using two known exploits to install ransomware on older Android devices when their owners browse to websites that load malicious advertisements.

Web-based attacks that exploit vulnerabilities in browsers or their plug-ins to install malware are common on Windows computers, but not on Android, where the application security model is stronger.

But researchers from Blue Coat Systems detected the new Android drive-by download attack recently when one of their test devices — a Samsung tablet running CyanogenMod 10.1 based on Android 4.2.2 — became infected with ransomware after visiting a Web page that displayed a malicious ad.

To read this article in full or to leave a comment, please click here