First Drive-By Malware Sites Discovered For Android

As more and more traffic moves from the desktop to mobile devices, malware has closely followed it. Now, an internet security firm has discovered the first websites designed specifically to infect Android devices that visit the page with malware.

Lookout Mobile Security discovered the sites, which operate as drive-by malware vectors. That is, if an Android device that isn't fully patched visits one of these sites, malware will automatically and invisibly install itself on the device.

In this case, the malware is "NotCompatible", a Trojan that poses as a system update but acts as a proxy redirect. The site checks the victim's browser's user-agent string to confirm that it is an Android visiting, then automatically installs the trojan. Luckily, the number of dangerous sites is still quite low, and none of them get much traffic, but it does signal the start of a troubling trend.

"This threat does not currently appear to cause any direct harm to a target device, but could potentially be used to gain illicit access to private networks by turning an infected Android device into a proxy," Lookout said in its blog post. "This feature in itself could be significant for system IT administrators: a device infected with NotCompatible could potentially be used to gain access to normally protected information or systems, such as those maintained by enterprise or government."

There are, however, a number of steps you can take to protect yourself. First, turn off the "Install from unknown sources" option. With that off, NotCompatible can't set up shop on your device. Second, get yourself a mobile antivirus app. Both AVG and Avast have excellent apps (they're also free). Third, stop dredging the recesses of the internet on your phone. [Lookout via PCWorld]

Image: Pavel Ignatov/Shutterstock



    it was always a matter of when not if. this also raises an interesting point of mobile phones sophisticated enough to be basically a computer in your pocket and eventually needing antivirus.

    seriously how do we find the people that do this and beat them to death with the circuit boards of the computers used to create the malware in the first place?

    Lol, you suggest AVG or Avast for mobile security when Lookout are the source for this article... You do realise Lookout also offer free mobile security, and it actually works on ICS...

    No mention of iOS for iPhone here....oh that's right.......the much maligned "walled garden" of Apple's approach has a massive benefit after all.

      Except you're tied to using a single pathetic browser...

        Dolphin HD and Opera are available on the iPhone last I checked?

      Except that, with Android, you can __choose__ to wall your garden or not. Just disable "Install from Unknown Sources".

      With Apple you either wall your garden or you have the other choice: well... to wall your garden. :-)

    lol, antivirus on a mobile phone? Yea I'll just make a better choice when it comes to my phone.

    So... it seems like, to be infected, you need to confirm a random installation request that appeared from nowhere while you were browsing. OK, disable "Install from unknown sources", but...

    As always, no matter what security practices are in place, there is no medicine for stupidity.

Join the discussion!