Hacked websites pushing malware to Android devices in ‘drive-by download’ attacks

The latest Android malware scare is straight out of Compton. Mobile security firm Lookout reports that Android users have been the victims of “drive-by” attacks in which hacked websites sideload malicious apps onto their devices. The method of infection, which is most commonly used to target PC users and has only recently started to crop up on mobile devices, uses an embedded iframe to trigger an HTML script that automatically pushes a trojan dubbed NotCompatible. Users are prompted to install the app, which appears as a normal system update.

NotCompatible acts as a TCP relay/proxy and is linked to a command and control server at notcompatibleapp.eu; it could be used to turn an Android device into a proxy for accessing private networks. So far Lookout says the trojan app has not caused “direct harm to a target device.”

Ten sites have been identified as sources for the malware so far, but there could be more. A few steps users can take include disabling the ability to install apps from non-Google Play sources and using common sense when prompted to install anything that wasn’t downloaded from Google’s store.

[via ArsTechnica]

  • scuttlefield

    Use common sense?! We’re screwed! :D

    • Michael Quinlan

      Common sense *IS* all that’s required.  Unfortunately, it’s not nearly as common as the name would imply.

  • JBO1018

    That’s pretty sneaky, but I would NEVER hit install if the package manager just came out of nowhere trying to install an app. Unfortunately a lot of people will think it’s just an automatic update or that they caused it somehow.

  • GlennStile
    • Magus2300

      The 2010 version has bugs.  Most of them were fixed in the 2011 version, but now they’re back in the new 2012 release.

  • user311

    Wait a minute, I’m not supposed to install every app that prompts me for an install request?

  • avengers

    Sorry I created it.

  • JamesS

    Uh huh, suuuuure. Next you’re going to tell me I shouldn’t download the zip file on the USPS notification I get for a package that I’m not even expecting but seems to be held at a facility at a daily charge of $3.72. Or that there really isn’t some made up pizza chain that is going to deliver $80 worth of pizza to me unless I click their link. Or that there aren’t several rich princes in Nigeria who need my help off shoring their vast wealth. Btw, forward this to ten people you know or you’ll burn in hades with a recent Android phone but no hope of ever seeing ICS…  because you’re in hades…  and that phone happens to be on a US carrier.

    • UniBroW

      woman at work opened that ups email 2x’s, first time not realizing the reason her machine was infected was because of that email.   lol

      • JamesS

        Yikes! That email is loaded with alarm bells!

        • UniBroW

          Yeah, I am still astonished she did it not only once but twice.

          Sent from my Galaxy S II

  • Alex Dumitru

    it only happens if you install apps you don’t know where they came from

  • Aeires

    Ten porn sites or free music download sites?

  • Jonbo298

    Unfortunately with people who install the Amazon App Store on android handsets, you have to enable the ability to install 3rd party apps. This is where most of the common sense goes out the window if a situation like this came up.

  • Unorthodox

    Call the apk com.Ice.Cream.Sandwich.update, and the damage rate will be 1000 times higher.

  • mikeym0p

    Most users have the option to sideload apps disabled anyway. I don’t see this as much of a concern because most users who know to enable the ‘unknown sources’ option have the common sense to prevent a malicious app from forcing itself into the phone.

  • Jfelts

    This may or may not be related but I just got a notification ad for cartoon wars and it just said frreeeedoomm!