Lookout says the trojan, NotCompatible, is targeted at Android users

Lookout, a Mobile Security company, has detected websites aimed at distributing malware to mobile devices.

This type of attack, also known as the drive-by download, happens via websites infected with malware. When a user accesses these sites, it automatically triggers a malware download. It often does not prompt the user like other downloads, and instead quietly downloads a virus in the background. These are dangerous as the user is left unaware.

Lookout Mobile, which makes mobile anti-virus software, says this is the first it has seen of websites facilitating malware downloads targeting mobile phones, specifically devices running the Android OS.

The Trojan is called NotCompatible and is executed when an Android browser accesses an infected website. The website has a small iFrame installed, which opens a separate web page. This web page then downloads an application to the Android phone. The application disguises itself as a security update and prompts the user to install it. If successfully installed, the Trojan gains access to your system.

In 2011, a variant Trojan:Android/Adrd.A, was discovered. The Android/Adrd.A Trojan, unlike the NotCompatible Trojan, appears to be distributed only in Chinese markets and may only be specific to Chinese networks.

The malware is distributed using repackaged (infected) legal apps, especially wallpapers that do not usually appear on apps panel, therefore users may rarely notice it. This trojan compromises personal data such as IMEI/IMSI of the device and sends them back to the remote operator based on the commands from there.

The infected applications request extensive permissions like RECEIVE_BOOT_COMPLETED, ACCESS_NETWORK_STATE to be able to run in the background once the event occurs.

The Android/Adrd.A Trojan also schedules an alarm to wake itself up regularly. However, it’s somewhat lower profile than ‘GEINIMI’ trojan found in 2010. Fewer messages or commands sent and less bandwidth consumed by this trojan. Users may not even notice it after weeks but still suffer data leakage and bandwidth consumption.

Security experts at Lookout say NotCompatible doesn’t look like it disrupts your phone or collects any data. Instead, it has the capability of entering private networks your phone may be connected to.

This may be the case for enterprise and government employees.

Researchers expect this hasn’t affected many Android users, as the websites don’t seem to be getting a lot of traffic. As of this moment, about 10 infected websites have been discovered, including gaoanalitics.info and androidonlinefix.info.

Recently, security professionals have issued warnings about the possibility of drive-by downloads on mobile devices, even as malware infection has increased 41 percent in the last year, according to a report by Symantec; Anti-Virus software makers.

View the original article here

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.