Lookout Mobile has detected websites aimed at mobile devices to distribute malware.
This type of attack — or drive-by download — happens on a website infected with malware. When a user loads the site, it automatically triggers a malware download. It often does not prompt you like other downloads, and instead quietly downloads a virus in the background. These are dangerous as the user is left unaware. Lookout Mobile, which makes mobile anti-virus software, says this is the first it’s seen websites facilitating malware downloads targeting mobile phones, specifically Androids.
The Trojan is called NotCompatible and is executed when an Android browser accesses an infected website. The website has a small iFrame installed, which opens a separate webpage. This webpage then downloads an application to the Android phone. The application will disguise itself as a security update and prompt the user to install it. If successfully installed, the Trojan gains access to your system. Thus far, Lookout says, NotCompatible doesn’t look like it disrupts your phone or collects any data. Instead, it has the capability of entering private networks your phone may be connected to. This may be the case for enterprise and government employees.
Researchers expect this hasn’t affected many Android users, as the websites don’t seem to be getting a lot of traffic. Thus far Lookout has identified 10 infected websites, including gaoanalitics.info and androidonlinefix.info.
Recently, security professionals have been warning about the possibility of drive-by downloads on mobile devices. Overall malware has increased 41 percent in the last year, according to a report by Symantec, and mobile is certainly on watch.