Can Android be infected by visiting a website?

Our malware analysis team has discovered a malicious software that targets Android smartphones through hacked websites. This adds further credibility to our predictions about the growing threat of mobile malware. This new malware, known as NotCompatible, gets downloaded automatically when an Android user visits a hacked website. A hidden iframe present at the bottom of the hacked page aids the ‘Update.apk’ download to begin (fooling the system into believing that it is downloading a system update).

The process of downloading dangerous malware simply by visiting a website is known as a ‘drive-by download’ – a phenomenon that has been afflicting PCs for a long time so we are well aware of it. However, this is the first time such an incident has been found on an Android device, so the cause for concern is genuine. If hackers can master this technique the threat potential imposed will be immense since it will be a drastic change from their regular social engineering techniques to trick victims.

Interestingly, once the download is completed a notification appears on the device prompting the user to install the program. By default, Android devices only allow applications from the native app market, Google Play, to get installed. But this setting can be changed by going to ‘Settings’, then going to ‘Applications’ and then checking the box next to ‘Unknown sources’. Doing so allows the device to install apps from non-market sources – a process known as ‘sideloading’.

If a user unwittingly allows this installation, his smartphone will get infected and could then potentially act as a TCP relay proxy and provide private network access to the source of this malware. This can adversely affect enterprise networks and personal networks. However, the websites that are hacked and are carriers of this malware see very little traffic as of now so the chances of coming across them are quite low. Nevertheless, this could possibly be a test-run by malicious parties to check the efficiency of this technique and if that is true, Android users everywhere need to be extremely cautious.

Quick Heal advises that Android owners uncheck the ‘Unknown sources’ option so that non-market apps never get installed on their device without their knowledge. Additionally, they should also visit trusted websites only and not click on links that take them to unknown webpages as these could be carrying all kinds of potential threats. Users of Quick Heal Mobile Security are protected from this threat as it detects the malware as Android.Notcompatible.A.

Manage warnings about unsafe sites

You'll see a warning if the content you're trying to see is dangerous or deceptive. These sites are often called "phishing" or "malware" sites.

Get warnings about dangerous & deceptive content

Phishing and malware detection is turned on by default. When it's turned on, you might see the following messages. If you see one of these messages, we recommend that you don't visit the site.

  • The site ahead contains malware: The site you start to visit might try to install bad software, called malware, on your computer.
  • Deceptive site ahead: The site you try to visit might be a phishing site.
  • Suspicious site: The site you want to visit seems suspicious and may not be safe.
  • The site ahead contains harmful programs: The site you start to visit might try to trick you into installing programs that cause problems when you’re browsing online.
  • This page is trying to load scripts from unauthenticated sources: The site you try to visit isn't secure.

Important: Download with caution. Some sites try to trick you into downloading harmful software by telling you that you have a virus. Be careful not to download any harmful software.

View unsafe sites

You can visit a page that is showing a warning. This is not recommended.

  1. On your Android phone or tablet, open the Chrome app
  2. On the page where you see a warning, tap Details.
  3. Tap Visit this unsafe site.
  4. The page will load.

Turn off warnings about dangerous & deceptive sites

If you don't want to be warned about unsafe content, you can turn off Google Play Protect. This also turns off all your Android device's protection against harmful apps and content. 

For security, we recommend that you always keep Google Play Protect on.

Turn Google Play Protect off or back on

  1. On your Android phone or tablet, open the Google Play Store app 
  2. Tap Menu
     Play Protect.
  3. Turn Scan device for security threats on or off.

Did you mean [site name]?

If you get this message, Chrome thinks that the web address may be for a different site than the one you expected.

The message may also say “Is this the right site?” or “Fake site ahead.”

You get this message when the site you try to visit:

  • Appears similar to a safe site you usually visit.
  • Tries to trick you with a URL that is slightly changed from a known safe site.
  • Has a URL that is slightly different from a URL in your browsing history.

If you think a page was flagged in error and you want to proceed to the site, dismiss the notification.