The latest Android malware scare is straight out of Compton. Mobile security firm Lookout reports that Android users have been the victims of “drive-by” attacks in which hacked websites sideload malicious apps onto their devices. The method of infection, which is most commonly used to target PC users and has only recently started to crop up on mobile devices, uses an embedded iframe to trigger an HTML script that automatically pushes a trojan dubbed NotCompatible. Users are prompted to install the app, which appears as a normal system update.
NotCompatible acts as a TCP relay/proxy and is linked to a command and control server at notcompatibleapp.eu; it could be used to turn an Android device into a proxy for accessing private networks. So far Lookout says the trojan app has not caused “direct harm to a target device.”
Ten sites have been identified as sources for the malware so far, but there could be more. A few steps users can take include disabling the ability to install apps from non-Google Play sources and using common sense when prompted to install anything that wasn’t downloaded from Google’s store.