'NotCompatible' Android malware rears its ugly head, again

The malware turns Android devices into unwitting Web proxies

The "NotCompatible" malware, designed to infect Android devices and turn them into unwitting Web proxies, is suddenly showing a sharp uptick in activity, according to mobile security vendor Lookout.

The malware is essentially a simple network proxy, which pretends to be a system update in order to get unwitting users to install it. The idea seems to be gaining access to protected networks through victims' infected Android devices. It was named for its apparent command-and-control server, at notcompatibleapp.eu.

[ Find out how to block the viruses, worms, and other malware that threaten your business, with hands-on advice from InfoWorld's expert contributors in InfoWorld's "Malware Deep Dive" PDF guide. | Don't look now, but your antivirus may be killing your virtualization infrastructure. InfoWorld's Matt Prigge shows you how to detect the warning signs. ]

[ MORE ANDROID: Inside Samsung Galaxy S 4's face- and eye-tracking technology ]

Last weekend saw the number of detections for NotCompatible rise to 20,000 per day as of last Sunday and Monday, wrote researcher Tim Strazzere, who said that the malware had been largely dormant since it was discovered in May 2012.

But while the initial discovery saw the malware being installed by hacked websites, the latest wave of NotCompatible is being spread by email spam. The usual subject line is "hot news," and the infected messages appear to contain links to fake weight-loss articles.

"Depending on the user's Android OS Version and browser, they may be prompted about the download. Many stock browsers will transparently trigger a download to the device /Downloads folder whereas Chrome displays a confirmation dialog," wrote Strazzere.

Lookout said there is little chance of direct harm to infected devices, and victims must allow NotCompatible to be installed for it to function, further minimizing the overall threat to the majority of Android users. The best advice for safety is simply to never allow any .apk whose provenance you're even a little bit unsure of to be installed on your phone.

Email Jon Gold at jgold@nww.com and follow him on Twitter at @NWWJonGold.

Read more about wide area network in Network World's Wide Area Network section.

This story, "'NotCompatible' Android malware rears its ugly head, again" was originally published by NetworkWorld.

Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Join the discussion
Be the first to comment on this article. Our Commenting Policies