Who is ready for yet another story surrounding Android, Malware and “drive-by” attacks? Mobile Security firm Lookout is reporting that Android users have been the victim of “drive-by” attacks that allow hacked websites to side load malicious Android apps onto their device. The apps are installed via an embedded iframe triggering an HTML script that automatically pushes a trojan dubbed NotCompatible. Users are then prompted to install the file, which appears to be a normal Android update.
NotCompatible acts as a TCP relay/proxy that links to a command and control server at notcompatibleapp.edu and could be used to turn any Android device into a proxy for accessing private networks. Lookout says that so far we’ve been lucky and the trojan app has not caused any “direct harm to a target device.”
So far, ten sites have been identified as sources for the malware, but there could be more as this threat grows. So how can you prevent this? Disable the ability to install apps from non-Google Play sources and make sure to question the appearance of any app that suddenly wants to be downloaded without any prompting.