Hacked Sites with Android Drive-by Download Malware Discovered

Sites that have been hacked to serve malware aren't anything new. However, the news that sites are being hacked to serve Android drive-by malware is--and an outbreak of these viruses that target Android devices might be on the horizon of some very bad cybercriminals.

These fears come after a new trojan called 'NotCompatible' was discovered. The virus serves as a TCP relay and is presented to the user in the guise of a system update called 'Update.apk.' It doesn't harm your Android device directly, but it works by getting access to private networks and turning the infected gadget into a proxy. And that's where the trouble begins.

These said apps are currently being served from gaoanalitics.info and androidonlinefix.info, with the Command and Control (C&C) domain located at notcompatibleapp.eu.

We're still in the process of assessing the full extent of infected sites; however, there are early indications that the number of affected sites could be numerous.

-- Spokesperson from Lookout security firm

The authors of this trojan still have to work out a few kinks in the virus though, because before it can do its thing, the target device has to have the sideloading setting enabled. Aside from that, the device owner also has to agree to install the app after it downloads.

Smarter users will see through the app and stop it in its tracks before it's installed, although the gullible and the more ignorant ones probably won't. So be one of the smart ones and don't download or install anything that you didn't download yourself.

Article by Hazel Chua
Gigadgetry: Cool Gadgets, Tech News, Quirky Devices