Android users have got a little malware to worry about. A new Trojan, called “NotCompatible” aimed at the Android OS is infecting devices via infected websites.
Security company Lookout claims that this Trojan is the first to use infected websites to target Android and believes that the malware could be used to break into private networks. NotCompatible works by automatically downloading software from a compromised website, prompting users to install the app once it is down.
The process does require the user to participate in their own infection since they will have to authorise the app so hopefully most savvy users will be able to sidestep any worries. In addition the “Unknown source” option must be enabled on the phone in order for the malware app to install.
“This specific sample, while relatively well constructed, does not appear to go to great lengths to hide its intended purpose: it can be used to access private networks. This feature in itself could be significant for system IT administrators: a device infected with NotCompatible could potentially be used to gain access to normally protected information or systems, such as those maintained by enterprise or government.”