facebook rss twitter

Android 'Notcompatible' Trojan appears on websites

by Alistair Lowe on 4 May 2012, 10:53

Tags: Google (NASDAQ:GOOG)

Quick Link: HEXUS.net/qabf7n

Add to My Vault: x

We typically look to PCs and Macs when it comes to virus and trojan attacks originating from websites, however, mobile security firm, Lookout, claims to have spotted a webborne trojan, duly titled 'Notcompatible' which specifically targets Android handsets.

The trojan exists on infected websites as a hidden iframe at the bottom of each page, causing the device to automatically begin downloading the file 'Update.apk', an Android application file.

Lookout states that the trojan does not cause any direct harm or expose data on the device itself, which is likely protected through application sandboxing, however can be used as a TCP relay to bypass the firewall of whatever network the device is on. It's worth noting that this isn't a huge issue for many corporations or government institutions, as user WiFi devices are typically isolated or heavily fire-walled from the corporate network themselves and so, most at risk, in theory, are home users.

We wonder how and if Google will respond to the report and what measures may be taken by operators worldwide to bolster security on Android devices.

HEXUS Forums :: 7 Comments

Login with Forum Account

Don't have an account? Register today!
Posted by deleted - Fri 04 May 2012 12:05
Um -This won't install unless you have allow install from unknown sources ticked. The only people who do this either know what they are doing or where stupid and ignored the warning. Surprised if this has had that many infections.
Posted by deleted - Fri 04 May 2012 12:07
Was thinking that myself
Posted by deleted - Fri 04 May 2012 12:30
Deleted
Um -This won't install unless you have allow install from unknown sources ticked. The only people who do this either know what they are doing or where stupid and ignored the warning. Surprised if this has had that many infections.
Ditto - as you say, you've got to go out of your way to install this. Dare say that the Apple fanboys will make much of this.

Actually I've got AVG (paid version) running on my X10, and I think it'd pick this up on it's weekly scans. Certainly I've had warnings in the past about having that “Allow unknown sources” on and it's warned of some unsigned apps too (I was playing with some third party ROMs at the time, so I was kind of expecting it).
Posted by deleted - Fri 04 May 2012 14:15
Would you not also have to accidentally click an install button too, or can it do it automatically?

I'm still confused about exactly what it does.. does it allow someone on ‘the internetz’ access to your home network, so any files accessible to the network can be viewed?

Seeing as how I'm a) never connected to Wifi, as it's slower than HSDPA for me and b) don't have anything shared on my home network anyway, I guess I'm fairly safe? :p
Posted by deleted - Sun 06 May 2012 01:35
I had allow install from unknown sources ticked as I had just been on the Samsung app store. And while on the google play store something Strang tried to download by it self it had eastern characters Japanese or Chinese I had no such apps installed so I immediately switched off my phone before it finished downloading itself.

Has anyone any answers as to what might have happened?
This was on a galaxy note with gingerbread.

SEE NEWER »