
Hacked sites distribute Android malware (NotCompatible) using drive-by downloads

A Reddit user, Georgiabiker, discovered a new drive-by malware attack that targets Android users who visit hacked sites.

The hacked websites have been injected with a malicious iframe. The iframe checks the User-Agent string sent by the browser for the string "Android"; if it is present, the device is directed to download a malicious Android package (APK), otherwise a NOT FOUND error is returned.

After the file is downloaded, the device displays a notification prompting the user to tap it to install the downloaded app.

For the app to actually be installed, the device must have the “Unknown sources” setting enabled. If the setting is not enabled, the installation is blocked.

"NotCompatible is a new Android trojan that appears to serve as a simple TCP relay / proxy while posing as a system update. This threat does not currently appear to cause any direct harm to a target device, but could potentially be used to gain illicit access to private networks by turning an infected Android device into a proxy," Lookout researchers said.
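The User-Agent check described above leaves a recognizable pattern in web proxy logs: the same URL delivers an APK to Android browsers and a 404 to everything else. The following is an added example, not code from the original post or from Lookout; the tab-separated log layout, the `.example` hosts and paths, and the function names are all assumptions made for illustration.

```python
APK_MIME = "application/vnd.android.package-archive"
FIELDS = ("time", "client", "status", "ctype", "url", "referer", "ua")
ANDROID_UA = "Mozilla/5.0 (Linux; U; Android 2.3.6; en-us) AppleWebKit/533.1"
DESKTOP_UA = "Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20100101 Firefox/12.0"

# Constructed proxy log (tab-separated); every host and path is a placeholder.
SAMPLE_LOG = "\n".join("\t".join(r) for r in [
    ("2012-05-02T10:00:01Z", "10.0.0.5", "200", "text/html", "http://blog.example/post", "-", ANDROID_UA),
    ("2012-05-02T10:00:02Z", "10.0.0.5", "200", APK_MIME, "http://cdn.example/app", "http://blog.example/post", ANDROID_UA),
    ("2012-05-02T10:03:10Z", "10.0.0.9", "200", "text/html", "http://blog.example/post", "-", DESKTOP_UA),
    ("2012-05-02T10:03:11Z", "10.0.0.9", "404", "text/html", "http://cdn.example/app", "http://blog.example/post", DESKTOP_UA),
    ("2012-05-02T11:20:00Z", "10.0.0.7", "200", APK_MIME, "http://store.example/game.apk", "-", ANDROID_UA),
])

def parse(log_text):
    """Yield one dict per well-formed log line; skip malformed lines."""
    for line in log_text.splitlines():
        parts = line.split("\t")
        if len(parts) == len(FIELDS):
            yield dict(zip(FIELDS, parts))

def find_apk_deliveries(log_text):
    """Report each URL that served an APK to an Android User-Agent, and mark
    it cloaked if the same URL returned 404 to a non-Android User-Agent."""
    apk_hits, other_404 = {}, set()
    for rec in parse(log_text):
        is_android = "Android" in rec["ua"]  # same substring test the post describes
        if is_android and rec["status"] == "200" and rec["ctype"] == APK_MIME:
            apk_hits.setdefault(rec["url"], []).append(rec)
        elif not is_android and rec["status"] == "404":
            other_404.add(rec["url"])
    return [{
        "url": url,
        "cloaked": url in other_404,
        "clients": sorted({r["client"] for r in recs}),
        "referers": sorted({r["referer"] for r in recs}),
    } for url, recs in apk_hits.items()]

if __name__ == "__main__":
    for finding in find_apk_deliveries(SAMPLE_LOG):
        print(finding)
```

For a cloaked finding, `clients` lists the devices to check for the downloaded package, and `referers` lists the pages most likely to carry the injected iframe.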
