Novel Android Malware Spotted on Compromised Web Sites
Demonstrating the increasing sophistication of mobile malware, a new Android Trojan is spreading via compromised Web sites and could potentially be used to crack corporate and government networks.
The bug, dubbed NotCompatible, is the first Android bug to spread this way, according to mobile-security specialist Lookout. The Trojan poses as a system update and, while the current version doesn’t appear to do harm, it could be used in malicious ways.
“This threat does not currently appear to cause any direct harm to a target device, but could potentially be used to gain illicit access to private networks by turning an infected Android device into a proxy,” Lookout said in a blog post.
In order for a device to be infected, the user would have to install the downloaded Trojan, Lookout said.
“Based on our initial investigation, we’ve confirmed that a number of websites have been compromised,” Lookout said. “However, affected sites appear to show relatively low traffic and we expect total impact to Android users to be low.”