Latest Trojan Malware For Android Sneaks In Via Third-Party App Stores

May 3, 2012

The number of threats of computer viruses and hacker access is growing, especially with the increasing number of mobile devices that are available. A report today from Lookout Mobile Security highlights hacked websites targeting Android devices with a new Android Trojan called NotCompatible, an attack vector previously only used to infect PCs with malware, writes Damon Poeter for PC Mag.

“In this specific attack, if a user visits a compromised website from an Android device, their web browser will automatically begin downloading an application–this process is commonly referred to as a drive-by download,” the security firm warns on its official blog.

Lookout said the malicious sites appears to serve as a simple TCP relay and proxy while posing as a system update. “This threat does not currently appear to cause any direct harm to a target device, but could potentially be used to gain illicit access to private networks by turning an infected Android device into a proxy,” the blog post continued.

About 10 websites compromised to include the malicious iframe have been identified, a Lookout spokeswoman said. Compromised websites that are delivering NotCompatible through Android mobile web browsers appear to be relatively low-traffic sites, Lookout said, and for the time being, “we expect total impact to Android users to be low.”

Lookout said that if a user visits a compromised website from an Android device, the mobile web browser will automatically begin downloading the NotCompatible app named “Update.apk,” GMA reports.

The application would still need to be downloaded before a device will be infected. To actually install the app to a device, it must have the “Unknown Sources” setting enabled. If the setting is not enabled, the installation will be blocked.

“Based on our initial investigation, we´ve confirmed that a number of websites have been compromised. However, affected sites appear to show relatively low traffic and we expect total impact to Android users to be low,” it added.

Non-Android devices visiting the infected sites returns an error message that prevents any malicious activity from taking place, Lookout said. But when a browser advertises it´s running on an Android device, an HTML script automatically pushes the malicious software through a series of domains including gaoanalitics.info and androidonlinefix.info.

NotCompatible went undiscovered until an HTC Rezound owner whose phone was infected after visiting a pest control company´s website posted an item about the incident on Reddit early on Wednesday where it was spotted by the Lookout team.

It has always been Google´s advice to download apps only from its official Play market, writes Dan Goodin for ArsTechnica. Most, but by no means all, malicious titles targeting Android are distributed through third-party channels. Lookout´s discovery of sites that actively foist malicious installation apps only reinforces this advice.

Source: RedOrbit Staff & Wire Reports

comments powered by Disqus