New Android malware spreads via hacked websites

May 3, 2012
7

Android is being plagued by malware once again. The security firm Lookout has warned users about a new Android trojan that spreads itself via compromised websites. The trojan can potentially break into government and corporate networks if left unchecked. Right now the trojan seems fairly innocuous, posing as a software update to the user and residing on the system once installed.

The trojan is embedded into iframes of compromised websites, and automatically downloads itself if the page is visited by an Android device. Lookout has dubbed the trojan “NotCompatible”, although the downloaded file is simply called “Update.apk”. Right now there are only a handful of sites that have been compromised with the APK, so Lookout predicts that the total fallout will be low.

Lookout says the trojan doesn’t appear to do any direct harm to the user if installed, “but could potentially be used to gain illicit access to private networks by turning an infected Android device into a proxy.” Downloading the trojan isn’t enough either: the user would have to install the APK for there to be any potential danger.

We’ve seen more and more reports of malware targeting Android devices over the past couple of months. Back in January, dozens of apps were infected by Android.Counterclank. In February, one malware variant installed itself by redirecting users away from Facebook and prompting them to install an app, and just last month we saw a fake version of Instagram doing the rounds which sent premium rate text messages in the background once installed.

[via AllThingsD]


Must Read Bits & Bytes