May 3, 2012

In a new twist in the Android malware story, the mobile security company Lookout has released details of a new piece of Android malware that automatically starts downloading to the victim’s device when they visit an infected web page. Known as a “drive-by download”, the malware app starts to download without the user’s permission, and because it claims to be a system update it is likely that unsuspecting users will happily install it.

For a website to serve up the NotCompatible malware, as it has been dubbed, it needs to have been previously compromised by a hacker who adds some HTML to the website (specifically an iframe pointing to androidonlinefix.info or gaoanalitics.info). When a browser running on Android renders the iframe, the servers at androidonlinefix.info or gaoanalitics.info send a file called Update.apk. When the website is visited with a browser on a PC, no download is sent.
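A site owner can check their own pages for the injected iframe described above. The following is an added example, not code from Lookout or from this article: the function and class names are hypothetical, the sample page is constructed, and matching subdomains of the two named domains is an assumption that goes beyond what the article states.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domains the article names as the injected iframe targets.
IFRAME_TARGETS = ("androidonlinefix.info", "gaoanalitics.info")


class IframeCollector(HTMLParser):
    """Collect the src attribute of every <iframe> in a document."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names for us.
        if tag == "iframe":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())


def host_of(src):
    """Lower-cased host of an iframe src; '' for relative or malformed URLs."""
    try:
        return (urlsplit(src).hostname or "").rstrip(".")
    except ValueError:
        return ""


def flagged_iframes(html):
    """Return iframe src values whose host is a listed domain or a subdomain."""
    collector = IframeCollector()
    collector.feed(html)
    collector.close()
    return [
        src for src in collector.sources
        if any(host_of(src) == d or host_of(src).endswith("." + d)
               for d in IFRAME_TARGETS)
    ]


# Constructed sample page, not taken from a real compromised site.
SAMPLE_PAGE = """<html><body><h1>Termite control</h1>
<iframe src="https://www.youtube.com/embed/constructed"></iframe>
<IFRAME style="visibility: hidden" SRC="http://GaoAnalitics.info/?id=constructed"></IFRAME>
<iframe src="//cdn.androidonlinefix.info/"></iframe>
<iframe src="/local/androidonlinefix.info.html"></iframe>
</body></html>"""
print(flagged_iframes(SAMPLE_PAGE))
```

Because the check parses the stored HTML rather than fetching the page, it does not depend on the browser-specific behaviour of the remote servers.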

Current research can’t find anything particularly malicious about the NotCompatible Trojan, which appears to just serve as a simple TCP relay / proxy. There is a potential threat in that corporate or government networks could be compromised by commanding the Trojan to act as a proxy, allowing an outside hacker to bypass any firewalls.

“So, I was browsing to my pest company’s website on my phone when I went to the link about termites,” said georgiabiker, who originally discovered the malware. “A split second after the page loads a download begins. So it is clearly some sort of malware masquerading as an update.”

One possible safeguard is that the Android device must have the install from “Unknown sources” setting enabled; if it doesn’t, the installation will be blocked. However, many third-party Android app markets, including Amazon’s Appstore, require users to enable this setting.

According to Lookout, a number of websites have been compromised. However, these seem to be low-traffic sites, and so the total number of downloads has been relatively small.

Gary Sims
Gary has been a tech writer for over a decade and specializes in open source systems. He has a Bachelor's degree in Business Information Systems. He has many years of experience in system design and development as well as system administration, system security and networking protocols. He also knows several programming languages, as he was previously a software engineer for 10 years.