Drive-by Android malware silently installs over the web (but you’re probably OK)

There’s only so much you can do to help smartphone users keep their devices secure. You can tell them to keep their apps up to date, or not to download software from unknown sources. You can even teach them how to spot when someone’s trying to trick them into installing they shouldn’t be. But despite all those efforts, sometimes malware still manages to get a foot in the door, and that’s just what’s happening with a new ransomware attack.

Let’s get one thing out of the way early: this attack only works on Android 4.x devices, so if you’re running a modern platform release, you’re in good shape. Unfortunately, as we’re all too aware, a significant number of users are still on such dated software, likely because their devices never received Lollipop (to say nothing of Marshmallow) updates.