ADVERTISEMENT

SUPEREGO

Hacked Sites with Android Drive-by Download Malware Discovered

Gallery Icon

bill-swift - May 8, 2012

Sites that have been hacked to serve malware aren't anything new. However, the news that sites are being hacked to serve Android drive-by malware is--and an outbreak of these viruses that target Android devices might be on the horizon of some very bad cybercriminals.

These fears come after a new trojan called 'NotCompatible' was discovered. The virus serves as a TCP relay and is presented to the user in the guise of a system update called 'Update.apk.' It doesn't harm your Android device directly, but it works by getting access to private networks and turning the infected gadget into a proxy. And that's where the trouble begins.

These said apps are currently being served from gaoanalitics.info and androidonlinefix.info, with the Command and Control (C&C) domain located at notcompatibleapp.eu.

We're still in the process of assessing the full extent of infected sites; however, there are early indications that the number of affected sites could be numerous.

-- Spokesperson from Lookout security firm

The authors of this trojan still have to work out a few kinks in the virus though, because before it can do its thing, the target device has to have the sideloading setting enabled. Aside from that, the device owner also has to agree to install the app after it downloads.

Smarter users will see through the app and stop it in its tracks before it's installed, although the gullible and the more ignorant ones probably won't. So be one of the smart ones and don't download or install anything that you didn't download yourself.

Article by Hazel Chua
Gigadgetry: Cool Gadgets, Tech News, Quirky Devices


Disclaimer: All rights reserved for writing and editorial content. No rights or credit claimed for any images featured on egotastic.com unless stated. If you own rights to any of the images because YOU ARE THE PHOTOGRAPHER and do not wish them to appear here, please contact us info(@)egotastic.com and they will be promptly removed. If you are a representative of the photographer, provide signed documentation in your query that you are acting on that individual's legal copyright holder status.


>