The malware is essentially a simple network proxy, which pretends to be a system update in order to get unwitting users to install it. The idea seems to be gaining access to protected networks through victims' infected Android devices. It was named for its apparent command-and-control server, at notcompatibleapp.eu.
[ Find out how to block the viruses, worms, and other malware that threaten your business, with hands-on advice from InfoWorld's expert contributors in InfoWorld's "Malware Deep Dive" PDF guide. | Don't look now, but your antivirus may be killing your virtualization infrastructure. InfoWorld's Matt Prigge shows you how to detect the warning signs. ]
[ MORE ANDROID: Inside Samsung Galaxy S 4's face- and eye-tracking technology ]
Last weekend saw the number of detections for NotCompatible rise to 20,000 per day as of last Sunday and Monday, wrote researcher Tim Strazzere, who said that the malware had been largely dormant since it was discovered in May 2012.
But while the initial discovery saw the malware being installed by hacked websites, the latest wave of NotCompatible is being spread by email spam. The usual subject line is "hot news," and the infected messages appear to contain links to fake weight-loss articles.
"Depending on the user's Android OS Version and browser, they may be prompted about the download. Many stock browsers will transparently trigger a download to the device /Downloads folder whereas Chrome displays a confirmation dialog," wrote Strazzere.
Lookout said there is little chance of direct harm to infected devices, and victims must allow NotCompatible to be installed for it to function, further minimizing the overall threat to the majority of Android users. The best advice for safety is simply to never allow any .apk whose provenance you're even a little bit unsure of to be installed on your phone.
Email Jon Gold at email@example.com and follow him on Twitter at @NWWJonGold.
Read more about wide area network in Network World's Wide Area Network section.