As the number of mobile devices connected to the Internet grows, the number of threats to our smartphones, tablets, and other connected devices grows as well. And guess what? Lookout Mobile Security on Wednesday reported that there are now hacked websites targeting Android devices with a new Android Trojan called NotCompatible, an attack vector previously only used to infect PCs with malware.
"In this specific attack, if a user visits a compromised website from an Android device, their Web browser will automatically begin downloading an application—this process is commonly referred to as a drive-by download," the security firm said on its official Lookout blog.
"When the suspicious application finishes downloading, the device will display a notification prompting the user to click on the notification to install the downloaded app. In order to actually install the app to a device, it must have the 'Unknown sources' setting enabled (this feature is commonly referred to as 'sideloading'). If the device does not have the unknown sources setting enabled, the installation will be blocked."
NotCompatible was actually discovered by an HTC Rezound owner whose phone was infected after visiting a pest control company's website. She posted an item about the incident on Reddit early on Wednesday where it was spotted by the Lookout team.
Lookout called the development "the first time hacked websites are being used to specifically target mobile devices." Malware threats to Android phones in the past have largely come via apps.
The security firm said it was still assessing how many sites were infected with the NotCompatible malware but that "there are early indications that the number of affected sites could be numerous." However, compromised websites that are delivering NotCompatible through Android mobile Web browsers appear to be relatively low-traffic sites, Lookout said, and for the time being, "we expect total impact to Android users to be low."
Further research by the Lookout team indicates that NotCompatible works as "a simple TCP relay/proxy while posing as a system update." The company said the malware isn't currently harming target devices as far as they can tell, but "could potentially be used to gain illicit access to private networks by turning an infected Android device into a proxy."
Android device users should be on the lookout for automatic downloads of the NotCompatible application, which is called "Update.apk". Lookout said its own security products protect Android device users against the malware through general protections that are in place to prevent drive-by downloads.
Lookout for Android is PCMag's Editors' Choice for Android security, but other high-performing malware detectors include F-Secure Mobile Security 7.6 and McAfee Mobile Security 2.0. All have free versions that include a quick malware scan.
For more from Damon, follow him on Twitter @dpoeter.
