New Drive-By Android Trojan Attacks Mobile Users
Category: Tablets, Smartphones
Symantec has identified a threat known as Android.Notcompatible, an Android Trojan horse program that installs via a partial drive-by download. However, Symantec gives Android.Notcompatible its lowest risk level: Very Low. The main concern is that other hackers might copy the technique to use in other attacks.
- Build, Run and Manage Cross-Platform Mobile Apps with a Mobile Application Platform
- 2013 Social Media Analytics Best-Practices
White PapersMore >>
Drive-by downloads--malware that installs itself without the user's knowledge--typically occur when you visit a website. Android.Notcompatible masquerades as an Android system update named "com.Security.Update". The download and installation sequence is demonstrated in the images below. Infected users approve the installation because they are fooled into thinking the program is a genuine update. Once installed on a phone, Android.Notcompatible uses proxy code to monitor all data moving in or out of the phone, including personal data, and copies it to the attacker.
Android.Notcompatible spreads via URL redirects injected into the HTML of innocent bystander sites. Devices that allow installation from unknown sources are most susceptible. Users who restrict their app downloads to Google Play are unlikely to encounter this or any other threat.
Symantec has identified the following sites as Android.Notcompatible hosts. (The "http" part of the addresses is bracketed to prevent accidental launches of infected sites.):
Follow Larry Seltzer and BYTE on Twitter, Facebook, LinkedIn, and Google+: