The Inquirer-Home

Lookout warns of Notcompatible Android malware resurgence

20,000 detections of the threat that spews spam email to dupe people
Fri Mar 15 2013, 15:53
Lookout App Icon

MOBILE SECURITY FIRM Lookout has warned that a more dangerous form of the once widespread Android malware threat "Notcompatible" has resurfaced, now using email spam distribution to dupe people.

The US security company said that over the past few days it has seen a "staggering increase" in detections of the Notcompatible malware, which was first reported in May 2012 as a remote proxy threat distributed by hacked websites.

That was the first time the industry saw hacked websites being used to specifically target mobile devices rather than PCs. However, now it seems that the threat is back, and more hazardous than before, using email spam to infect Android devices

Lookout explained that once installed, Notcompatible turns a mobile phone into a proxy to commit online fraud.

"Since the initial detection, we've continued to actively monitor Notcompatible, and it showed relatively low activity levels with occasional moderate spikes," Lookout's lead research and response engineer said in a blog post on Thursday.

"That's all changed over the past few days, as we've seen a sudden surge in detection data across the Mobile Threat Network, peaking at almost 20,000 detections per day between Sunday and Monday this past weekend."

In this resurgence, Lookout said the distribution strategy has changed and the malware is now being spread primarily via spam from hacked email accounts.

The spam links perform a similar targeting tactic as the original form of the malware, by directing users from a browser on Windows, iOS, and OSX to a fake Fox News weight loss article, for example.

When clicking the link on an Android device, the browser is redirected to an "Android Security site" for an update. Many stock web browsers will transparently trigger a download to the device's "/Downloads" folder, whereas Chrome displays a confirmation dialog.

The firm has even released a Youtube video of the threat in action.

Lookout urged Android users to be wary of any emails that have the subject line "Hot News", "Last all Night' or ‘You Won $1000" as they are good indications of spam email that links to the malware.

"If your mobile device unexpectedly starts downloading a file that you weren't expecting, don't click, delete it!" the firm advised. µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

INQ Poll

Happy new year!

What tech are you most looking forward to in 2015