Latest Trojan Malware For Android Sneaks In Via Third-Party App Stores
The number of threats of computer viruses and hacker access is growing, especially with the increasing number of mobile devices that are available. A report today from Lookout Mobile Security highlights hacked websites targeting Android devices with a new Android Trojan called NotCompatible, an attack vector previously only used to infect PCs with malware, writes Damon Poeter for PC Mag.
“In this specific attack, if a user visits a compromised website from an Android device, their web browser will automatically begin downloading an application—this process is commonly referred to as a drive-by download,” the security firm warns on its official blog.
Lookout said the malicious sites appears to serve as a simple TCP relay and proxy while posing as a system update. “This threat does not currently appear to cause any direct harm to a target device, but could potentially be used to gain illicit access to private networks by turning an infected Android device into a proxy,” the blog post continued.
About 10 websites compromised to include the malicious iframe have been identified, a Lookout spokeswoman said. Compromised websites that are delivering NotCompatible through Android mobile web browsers appear to be relatively low-traffic sites, Lookout said, and for the time being, “we expect total impact to Android users to be low.”
Lookout said that if a user visits a compromised website from an Android device, the mobile web browser will automatically begin downloading the NotCompatible app named “Update.apk,” GMA reports.
The application would still need to be downloaded before a device will be infected. To actually install the app to a device, it must have the “Unknown Sources” setting enabled. If the setting is not enabled, the installation will be blocked.
“Based on our initial investigation, we’ve confirmed that a number of websites have been compromised. However, affected sites appear to show relatively low traffic and we expect total impact to Android users to be low,” it added.
Non-Android devices visiting the infected sites returns an error message that prevents any malicious activity from taking place, Lookout said. But when a browser advertises it’s running on an Android device, an HTML script automatically pushes the malicious software through a series of domains including gaoanalitics.info and androidonlinefix.info.
NotCompatible went undiscovered until an HTC Rezound owner whose phone was infected after visiting a pest control company’s website posted an item about the incident on Reddit early on Wednesday where it was spotted by the Lookout team.
It has always been Google’s advice to download apps only from its official Play market, writes Dan Goodin for ArsTechnica. Most, but by no means all, malicious titles targeting Android are distributed through third-party channels. Lookout’s discovery of sites that actively foist malicious installation apps only reinforces this advice.