Thursday, May 3, 2012

NotCompatible Android Malware: First-known Android Drive-By Download Attack

On May 2nd, 2012, Lookout reported the first known incident in which compromised websites are being used to serve malicious apps to Android users.
"NotCompatible is a new Android trojan that appears to serve as a simple TCP relay / proxy while posing as a system update. This threat does not currently appear to cause any direct harm to a target device, but could potentially be used to gain illicit access to private networks by turning an infected Android device into a proxy." - Lookout

Some of the compromised sites that we have seen have the following injected hidden iframes:

Unsuspecting mobile users browsing hacked sites are tricked into installing NotCompatible, which masquerades as a system update (the downloaded file is named Update.apk).

Luckily, Android users who have the 'Unknown Sources' application setting turned off are not affected by this attack.

1 comment:

  1. Well, more accurately, I found the first-ever Android drive-by attack, and posted it on reddit. Lookout found out about it there.