Our malware analysis team has discovered malicious software that targets Android smartphones through hacked websites. This adds further credibility to our predictions about the growing threat of mobile malware. This new malware, known as NotCompatible, gets downloaded automatically when an Android user visits a hacked website. A hidden iframe at the bottom of the hacked page causes the ‘Update.apk’ download to begin (fooling the system into believing that it is downloading a system update).
The process of downloading dangerous malware simply by visiting a website is known as a ‘drive-by download’ – a phenomenon that has been afflicting PCs for a long time, so we are well aware of it. However, this is the first time such an incident has been found on an Android device, so the cause for concern is genuine. If hackers can master this technique, the potential threat will be immense, since it would be a drastic change from the social engineering techniques they regularly use to trick victims.
Interestingly, once the download is completed, a notification appears on the device prompting the user to install the program. By default, Android devices only allow applications from the native app market, Google Play, to be installed. But this setting can be changed by going to ‘Settings’, then going to ‘Applications’ and then checking the box next to ‘Unknown sources’. Doing so allows the device to install apps from non-market sources – a process known as ‘sideloading’.
If a user unwittingly allows this installation, the smartphone will get infected and could then potentially act as a TCP relay proxy and provide private network access to the source of this malware. This can adversely affect enterprise networks and personal networks. However, the hacked websites that carry this malware see very little traffic as of now, so the chances of coming across them are quite low. Nevertheless, this could possibly be a test run by malicious parties to check the efficiency of this technique, and if that is true, Android users everywhere need to be extremely cautious.
Quick Heal advises that Android owners uncheck the ‘Unknown sources’ option so that non-market apps never get installed on their device without their knowledge. Additionally, they should visit trusted websites only and not click on links that take them to unknown webpages, as these could be carrying all kinds of potential threats. Users of Quick Heal Mobile Security are protected from this threat, as it detects the malware as Android.Notcompatible.A.