Lookout Warns of New 'NotCompatible' Android Trojan
The researchers say this appears to be the first time hacked Web sites are being used specifically to target mobile devices.
Lookout Mobile Security researchers are warning of a new Android Trojan, named NotCompatible, that's being distributed via infected Web sites. "Hacked websites are frequently used to infect PCs with malware; however, today we have identified the first time hacked websites are being used to specifically target mobile devices," the company wrote in a recent blog post.
"When a user arrives on the page, a file by the name of 'Update.apk' begins downloading immediately," The H Security reports. "But it is only offered for installation, as 'com.Security.Update,' if the user has enabled the 'Unknown Sources' setting in the system preferences. If that is not enabled, the installation will be blocked. "
"Visiting the websites on non-Android devices returns an error message that prevents any malicious activity from taking place, Lookout said," writes Ars Technica's Dan Goodin. "But when a browser advertises it's running on an Android device, an HTML script automatically pushes the malicious software through a series of domains including gaoanalitics.info and androidonlinefix.info. A command and control server is hosted at notcompatibleapp.eu. About 10 websites compromised to include the malicious iframe have been identified, a Lookout spokeswoman said."
"For now, NotCompatible doesn’t seem to be programmed to cause any damage to the devices it infects," notes Softpedia's Eduard Kovacs. "Instead, it’s a TCP relay that could be utilized by the cybercriminals to gain access to private networks by turning the compromised Android phone into a proxy."
"NotCompatible was actually discovered by an HTC Rezound owner whose phone was infected after visiting a pest control company's website," writes PCMag.com's Damon Poeter. "She posted an item about the incident on Reddit early on Wednesday where it was spotted by the Lookout team."