Our malware analysis team has discovered a piece of malicious software that targets Android smartphones through hacked websites. This adds further credibility to our predictions about the growing threat of mobile malware. This new malware, known as NotCompatible, is downloaded automatically when an Android user visits a hacked website. A hidden iframe at the bottom of the hacked page starts the download of ‘Update.apk’ (fooling the system into believing that it is downloading a system update).
Downloading dangerous malware simply by visiting a website is known as a ‘drive-by download’ – a phenomenon that has afflicted PCs for a long time, so we are well aware of it. However, this is the first time such an incident has been found on an Android device, so the cause for concern is genuine. If hackers can master this technique, the threat posed will be immense, since it would be a drastic change from their regular social engineering techniques for tricking victims.
Interestingly, once the download is completed, a notification appears on the device prompting the user to install the program. By default, Android devices only allow applications from the native app market, Google Play, to be installed. But this setting can be changed by going to ‘Settings’, then ‘Applications’, and then checking the box next to ‘Unknown sources’. Doing so allows the device to install apps from non-market sources – a process known as ‘sideloading’.
If a user unwittingly allows this installation, their smartphone will be infected and could then potentially act as a TCP relay proxy, providing private network access to the source of this malware. This can adversely affect both enterprise and personal networks. However, the hacked websites that carry this malware see very little traffic as of now, so the chances of coming across them are quite low. Nevertheless, this could be a test run by malicious parties to check the efficiency of this technique, and if that is true, Android users everywhere need to be extremely cautious.
Quick Heal advises that Android owners uncheck the ‘Unknown sources’ option so that non-market apps never get installed on their device without their knowledge. They should also visit trusted websites only and not click on links that take them to unknown webpages, as these could be carrying all kinds of potential threats. Users of Quick Heal Mobile Security are protected from this threat, as it detects the malware as Android.Notcompatible.A.
You'll see a warning if the content you're trying to see is dangerous or deceptive. These sites are often called "phishing" or "malware" sites. Phishing and malware detection is turned on by default. When it's turned on, you might see the following messages. If you see one of these messages, we recommend that you don't visit the site.
Important: Download with caution. Some sites try to trick you into downloading harmful software by telling you that you have a virus. Be careful not to download any harmful software.
View unsafe sites
You can visit a page that is showing a warning. This is not recommended.
Turn off warnings about dangerous & deceptive sites
If you don't want to be warned about unsafe content, you can turn off Google Play Protect. This also turns off all your Android device's protection against harmful apps and content.
For security, we recommend that you always keep Google Play Protect on.
Turn Google Play Protect off or back on
Did you mean [site name]?
If you get this message, Chrome thinks that the web address may be for a different site than the one you expected.
The message may also say “Is this the right site?” or “Fake site ahead.”
You get this message when the site you try to visit:
If you think a page was flagged in error and you want to proceed to the site, dismiss the notification.