All about Google Chrome & Google Chrome OS

14 May 12 Android Trojan Mimics PC Drive-by Malware Attack

Researchers have noticed one of the first examples of Android “drive-by” malware from an ordinary website, a dangerous type of automatic attack more commonly used to infect Windows PCs.

Discovered by security company Lookout Mobile Security on a number of webistes, the decidedly odd “NotCompatible” Trojan is distributed using a web page containing a hidden iFrame.

Any Android browser visiting an affected page (the attack ignores PC browsers) will automatically start downloading the malware without the user being aware that this has happened. (See also “5 Free Android Security Apps: Keep Your Smartphone Safe.”)

This isn’t quite a PC drive-by attack because the user still needs to install the app, at which point it relies on the user having ticked the “Unknown Sources” box (in most cases this box would be unticked) that allows non-market apps to be installed.

The rough equivalent of this layer on a Vista or Windows 7 PC would be the User Access Control (UAC) which is usually circumvented using social engineering or by misrepresenting the nature of the application.

NotCompatible eschews such tricks beyond simply claiming to be a security update. It’s not sophisticated but it might fool some users, some of the time.

Malware’s Mission Unclear

The purpose of the infection is a bit of a mystery.

“This specific sample, while relatively well constructed, does not appear to go to great lengths to hide its intended purpose: it can be used to access private networks,” said Lookout’s blog.

“This feature in itself could be significant for system IT administrators: a device infected with NotCompatible could potentially be used to gain access to normally protected information or systems, such as those maintained by enterprise or government.”

The affected sites appeared to have low volumes of traffic but the company believed the exploit iFrame was being served on other sites it had yet to identify, it said.

The warning is stark; mobile malware creators are experimenting with what is possible for this class of malware and have found a way to get mobile malware on to devices without them having to visit third-party app sites as has been the case up to now.

Would you recommend this story?


  • Recommend:
  • Print

Leave a commentSubmit Comment

Once you click submit you will be asked to sign in or register an account if you are not already a member.

Posting comment …

Trade in your old printer save! A new Xerox ColorQube® can increase print quality and reduce costs. Start saving today.

Article source:

Tags: , , , ,

03 May 12 NotCompatible Android Trojan: What You Need to Know

NotCompatible Android Trojan: What You Need to KnowAndroid smartphone users should be on the lookout for hacked websites that automatically download an app onto your phone in an attempt to trick you into installing malicious code. For what may be the first time ever, analysts at Lookout Mobile Security are warning of a so-called drive-by download attack specifically targeted at Android devices. The attack uses infected websites to try to install a Trojan horse called NotCompatible onto your phone. If installed, the Android malware could let hackers use the phone as an intermediary access point, or proxy, to break into private computer networks. There is also some speculation that NotCompatible could add your phone to a botnet.

[RELATED: Keep Malware Off Your Android Phone: 5 Quick Tips]

However, while NotCompatible sounds scary, it is not a threat if you use common sense and never install anything on your phone that you don’t trust or don’t remember downloading. Here’s what Android users need to know about NotCompatible.

How was NotCompatible discovered?

The Trojan first surfaced when a Reddit user named “georgiabiker” discovered NotCompatible by chance and brought the malware to the Reddit community’s attention. Reddit is a social news site and message board.

Who’s at Risk?

NotCompatible can only infect people who have enabled sideloading — the ability to download apps from unofficial sources — for their device, according to Lookout. Sideloading is enabled on your phone by going to SettingsApplications and then tapping the “Unknown Sources” check box.

Keep in mind that even if you have sideloading enabled, getting infected still requires explicit user action.

OK, So How Do I Get Infected?

NotCompatible Android Trojan: What You Need to KnowCourtesy of Reddit user georgiabikerAny Android user arriving at an infected site using the phone’s browser will automatically download a file called “Update.apk.”

NotCompatible Android Trojan: What You Need to KnowCourtesy of Reddit user georgiabikerIf you have sideloading enabled, a screen will pop-up asking you to install an update named com.Security.Update or something similar. Any user who then installs the application will get infected.

If you are not sideloading apps, you will not be able to install the Trojan, Lookout says.

What Does It Do to My Phone?

It’s not immediately clear whether there’s any long-term effect on your phone or your device’s content, but so far Lookout says the only thing that will happen is your phone could be used as a proxy by a third-party.

How Widespread is the Trojan?

Lookout is not offering any specific numbers, but the company says it has found the malware on “numerous” websites embedded in an iframe — a segment of a browser window that can display content from a third-party. Lookout expects NotCompatible’s overall impact to be low.

Hacked sites unknowingly acting as a vehicle for NotCompatible appear to be typically low traffic websites for local businesses such as country clubs, computer repair, and pest exterminators.

What If I’m Infected?

Lookout has not provided any information on what users can do if they are infected with NotCompatible so it’s not clear whether installing Lookout’s antivirus software would remove the malicious software.

Even though this malware is specifically targeted for Android devices, as long as you remain attentive when authorizing new apps and watch out for unauthorized downloads, your device should be fine.

Connect with Ian Paul (@ianpaul) on Twitter and Google+, and with Today@PCWorld on Twitter for the latest tech news and analysis.

Article source:

Tags: , , ,