A mobile security firm has discovered that a malicious software that was specifically created to download to Android phones from infected sites.
Named the NotCompatible, this hides from an updated file that automatically downloads itself. Though it does this, it still needs permission from the user before it starts installation.
Once installed in the device, the malware acts as a TCP relay that can use its host as a mask to send traffic like a proxy.
Infected sites URL’s have not been made public as of the moment as is the real number of those infected by the malware.
Symantec says that this number could easily reach thousands of sites.
Security firm lookout is suggesting that these attacks may be targeted to enable anonymous hosting for criminal activity. They say that it’s a “well-written and stable” code.
According to co-founder and CTO of Lookout Security Kevin Mahaffrey, “There are a couple of ways [the hackers] can profit from this. One is general online fraud. The other is targeted attacks against enterprises.”
He added, “This is the first time that [hackers] have used legitimate websites to serve Android malware. We see Android malware all the time, but it’s usually served using social engineering.”
Image Source: googleplay.cc