First Known Android Drive-By Download Found
The installation prompt of the first known drive-by download malware made for Android devices.
Drive-by downloads have long been the bane of PC security. The attacks, which infect machines whose users happen to land upon corrupted websites, have lately begun to plague Macs as well.
Today (May 2), Lookout Mobile Security of San Francisco announced a mobile-malware milestone: the first known Android drive-by download.
The malware, which Lookout has named "NotCompatible," uses code hidden in websites whose operators have no idea they've been hacked.
Android users who visit such sites will be prompted to install an app that purports to be a security update or Android patch — but only if they've previously set their device's permissions to allow installation of apps from unknown sources.
PC, Mac or iOS users won't notice anything wrong, as the infected code is set to respond only to Android devices.
SecurityNewsDaily visited one infected site using an Android tablet that allowed "unknown sources" apps. The tablet promptly downloaded something called "com.Security.Update," which we can be pretty certain is a Trojan horse, malware that pretends to be something benign.
We did not install the app. Neither should you, if you come across anything that downloads without your permission. In that respect, Android apps have an advantage over PC users, who often have no option to refuse installation of malware from a drive-by download.
We did a Google search for the malicious code Lookout provided, and found only two sites. One belongs to a country club in Montana, while the other is an, ahem, "men's interest" blog featuring well-endowed (but clothed) young ladies.
(For the technically minded, the sites are infected with an iframe that redirects all browsers to a site called "gaoanalitics.info." Android browsers will continue to a site called "androidonlinefix.info," which triggers the app download.)
SecurityNewsDaily will be contacting the sites' administrators to let them know they're infected.
It's not clear what the malware does, but Trojans will often open a "backdoor" into a system that will allow cybercriminals to remotely install all sorts of malware, such as spyware, keyloggers, botnet controls or information-stealers.
If you're an Android user, you need to do two things to protect yourself from such threats. First, set your device to not allow installation from "unknown sources." Second, install some sort of Android anti-virus software.
This story was provided by SecurityNewsDaily, a sister site to TechNewsDaily.