A new Trojan masquerating as a Google Android security update can automatically download and prompt the user to install it, .
Symantec has identified a threat known as Android.Notcompatible, an Android Trojan horse program that installs via a partial drive-by download. However, Symantec gives Android.Notcompatible its lowest risk level: Very Low. The main concern is that other hackers might copy the technique to use in other attacks.
Drive-by downloads--malware that installs itself without the user's knowledge--typically occur when you visit a website. Android.Notcompatible masquerades as an Android system update named "com.Security.Update". The download and installation sequence is demonstrated in the images below. Infected users approve the installation because they are fooled into thinking the program is a genuine update. Once installed on a phone, Android.Notcompatible uses proxy code to monitor all data moving in or out of the phone, including personal data, and copies it to the attacker.
Android.Notcompatible spreads via URL redirects injected into the HTML of innocent bystander sites. Devices that allow installation from unknown sources are most susceptible. Users who restrict their app downloads to Google Play are unlikely to encounter this or any other threat.
Symantec has identified the following sites as Android.Notcompatible hosts. (The "http" part of the addresses is bracketed to prevent accidental launches of infected sites.):
Building A Mobile Business MindsetAmong 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps – and it's past time for those with no plans to get cracking.
Join us for a roundup of the top stories on InformationWeek.com for the week of December 7, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program!