Trojans and malware on Android are a constantly recurring theme. While some argue that there is no real threat at all, others feel that preventive measures are needed to safeguard their mobile devices.
Now, for the first time, hacked websites are distributing malware for Google's mobile operating system, and the malware could put corporate networks at risk.
Lookout Mobile Security on Wednesday reported that the new Trojan, dubbed "NotCompatible," poses as a system update and could potentially be used to gain access to private networks by turning infected devices into TCP relays/proxies.
This type of attack is better known as a drive-by download: if someone visits an infected website, malware gets downloaded and installed on the device without any user interaction.
NotCompatible is distributed via ordinary websites, such as that of an extermination company. The compromised sites have been altered to include a hidden IFRAME at the bottom of each page. Visiting such a site from an Android device could cause direct harm, via the drive-by download, and could potentially be used to gain illicit access to corporate networks the device connects to.
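As an added illustration (not code from the article, Lookout, or the NotCompatible analysis), here is a small Python check for the injected hidden-IFRAME pattern described above, the kind of scan a site owner or responder might run over served pages. The HTML, hostnames and file name are constructed sample values.

```python
from html.parser import HTMLParser
import re

# Constructed sample page: one legitimate, visible embed plus an injected
# IFRAME at the bottom that is sized and styled so visitors never see it.
SAMPLE_HTML = """<html><body>
<h1>Pest control services</h1>
<iframe src="https://maps.example.test/embed" width="600" height="400"></iframe>
<p>Call us today.</p>
<iframe src="http://update-host.invalid/update.apk" width="1" height="1"
 style="visibility:hidden;position:absolute;left:-9999px"></iframe>
</body></html>"""

# CSS tricks commonly used to keep an element off-screen or invisible.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|left\s*:\s*-\d+", re.I)


def _is_tiny(value):
    """True for width/height values such as 0, 1, "0px" or "1px"."""
    if value is None:
        return False
    m = re.match(r"\s*(\d+)", value)
    return m is not None and int(m.group(1)) <= 1


class HiddenIframeFinder(HTMLParser):
    """Collects IFRAMEs whose size or style hides them from the user."""

    def __init__(self):
        super().__init__()
        self.hidden = []  # list of (src, reason)

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "iframe":
            return
        a = dict(attrs)
        reasons = []
        if _is_tiny(a.get("width")) or _is_tiny(a.get("height")):
            reasons.append("zero/one-pixel size")
        if HIDDEN_STYLE.search(a.get("style") or ""):
            reasons.append("hidden via CSS")
        if reasons:
            self.hidden.append((a.get("src") or "", ", ".join(reasons)))


def find_hidden_iframes(html):
    """Return [(src, reason), ...] for every suspicious IFRAME in the HTML."""
    parser = HiddenIframeFinder()
    parser.feed(html)
    return parser.hidden


if __name__ == "__main__":
    for src, why in find_hidden_iframes(SAMPLE_HTML):
        print(f"suspicious iframe: {src} ({why})")
```

A visible, normally sized frame produces no finding; only the injected one is reported, together with the reasons it was flagged.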
“Based on our current research, NotCompatible is a new Android Trojan that appears to serve as a simple TCP relay / proxy while posing as a system update. This threat does not currently appear to cause any direct harm to a target device, but could potentially be used to gain illicit access to private networks by turning an infected Android device into a proxy. This appears to be the first time that compromised websites have been used to distribute malware targeting Android devices,” said Lookout Mobile Security CTO Kevin Mahaffey in the blog post.
Attackers package their code as legitimate-looking applications and lure users into downloading them. If a corporate user's Android device is infected with the NotCompatible Trojan and that user connects to a corporate or government network over Wi-Fi, the attacker could penetrate that network.
“A device infected with NotCompatible could potentially be used to gain access to normally protected information or systems, such as those maintained by enterprise or government,” said Mahaffey.
The good news is that Mahaffey sees no evidence yet that corporate networks have been compromised, but he said CIOs should be aware of the NotCompatible Trojan.
Devices, mostly BYOD devices, that download applications from unknown sources are at higher risk. This setting is most common in corporate environments, where it is desirable for network administrators to supervise Android usage.
Alarming Rise of Android Malware
Android's popularity is growing, which makes it more attractive to developers, and also a more attractive target for malware producers. Google's diverse and open marketplace, where developers are free to post their apps, is an incentive for hackers to focus on Android.
Malware targeting mobile operating systems increased in 2011, most notably malware targeting Google's Android. According to a report from Juniper Networks, malware attacking Android grew by a cumulative 3,325 percent in the last seven months of 2011. Android malware accounted for about half (46.7 percent) of unique malware samples that targeted mobile platforms.
Drive-by Android malware apps are the first choice for hackers. In the past few weeks alone we have seen apps like the fake Instagram app, the fake Angry Birds Space game and a fake token generator circulating on the Internet.
More Malware More Protection
Mobile devices are just as exposed as computers to browser-based attacks triggered when a user visits a malicious website. Android users have a choice of security products to protect them from these kinds of threats.
While AV-Test rates Avast Mobile Security, Dr. Web Anti-virus Light, F-Secure Mobile Security, IKARUS Mobile Security Lite, Lookout Mobile Security, Kaspersky Mobile Security Lite and Zoner AntiVirus Free as its top seven security apps, more security apps keep arriving on the Android market.
ESET last week released ESET Mobile Security for Android. The app, available on Google Play for $10, offers protection against Trojans, viruses, worms, spyware, spam and other attacks using what ESET describes as unique behavior-based detection technology.
“There is definitely a significant growth in the number of Android threats that we are detecting at ESET malware research centers around the world,” Robert Lipovsky, ESET Security Intelligence Team Leader, said in a statement. “The new ESET product not only protects you against malware with its unique behavior-based detection, but offers protection for your data in case of device theft or loss.”
Its features include an anti-theft security system, GPS location detection, remote lock, remote wipe, SIM matching, uninstall protection, SMS/MMS anti-spam, call blocking and a security audit with a built-in task manager.