"NotCompatible is a new Android trojan that appears to serve as a simple TCP relay / proxy while posing as a system update. This threat does not currently appear to cause any direct harm to a target device, but could potentially be used to gain illicit access to private networks by turning an infected Android device into a proxy." - Lookout
Some of the compromised sites that we have seen have the following injected hidden Iframes:
Unsuspecting mobile users browsing hacked sites are tricked into installing NotCompatible while it masquerades itself as a system update (downloaded file named Update.apk).
Luckily, Android users that have the 'Unknown Sources' application setting turned off are not affected by this attack.
Well, more accurately, I found the first-ever android driveby attack, and posted it on reddit. Lookout found out about it there. http://www.reddit.com/r/Android/comments/t3epc/whoa_i_think_a_perfectly_legitimate_site_is/
ReplyDelete