Android Malware Spreading for First Time via Hacked Sites

CIO Insight Staff Avatar

Updated on:

Drive-by malware downloads are nothing new–unless, that is, they’re targeting the Android operating system, which is exactly what a newly discovered Trojan is doing.

Lookout Mobile Security on Wednesday reported that for the first time, a hacked site is distributing malware for Google’s mobile operating system.

Lookout says that the new Trojan, dubbed "NotCompatible," poses as a system update, but in reality appears to serve as a simple TCP relay/proxy.

Currently, NotCompatible isn’t directly harming the victimized devices, but Lookout writes that it could potentially be used to gain access to private networks by turning infected Android devices into proxies.

Fortunately, the infection rate, at least at this preliminary stage, is low. The malware is on a number of compromised sites, all of which have a hidden iframe at the bottom of their pages.

Those sites show "relatively low traffic," Lookout says. The security firm is surmising that the total impact to Android users will thus be slight.

If a user visits a compromised page, his or her mobile browser will automatically begin to download the NotCompatible application, which will come over as "Update.apk." The download has to be successful in order for the device to be infected.

If the malware successfully downloads, the infected device prompts the user to click on the notification to install the downloaded app. Lookout notes that the device will install the app only if the "Unknown sources" setting is enabled otherwise, the download is blocked. To check the setting on your Android device to block the download, go to Settings >> Applications >>Unknown sources.

Drive-by Android malware may be a first, but it’s hardly surprising. If mobile malware were a popularity contest, Android would be prom queen, judging by recent headlines.

For example Juniper Networks reported in February that malware targeting Android grew by an eye-popping 3,325 percent in the last seven months of 2011. Out of all the unique malware samples targeting mobile platforms, nearly half about 46.7 percent were Android malware. McAfee, for its part, also predicted in November 2011 there would be 75 million unique malware samples by the end of 2011.

To read the original eWeek article, click here: Android Malware Spreading for First Time via Hacked Sites

CIO Insight Staff Avatar