MOBILE SECURITY FIRM Lookout has warned that a more dangerous form of the once widespread Android malware threat "Notcompatible" has resurfaced, now using email spam distribution to dupe people.
The US security company said that over the past few days it has seen a "staggering increase" in detections of the Notcompatible malware, which was first reported in May 2012 as a remote proxy threat distributed by hacked websites.
That was the first time the industry saw hacked websites being used to specifically target mobile devices rather than PCs. However, now it seems that the threat is back, and more hazardous than before, using email spam to infect Android devices
Lookout explained that once installed, Notcompatible turns a mobile phone into a proxy to commit online fraud.
"Since the initial detection, we've continued to actively monitor Notcompatible, and it showed relatively low activity levels with occasional moderate spikes," Lookout's lead research and response engineer said in a blog post on Thursday.
"That's all changed over the past few days, as we've seen a sudden surge in detection data across the Mobile Threat Network, peaking at almost 20,000 detections per day between Sunday and Monday this past weekend."
In this resurgence, Lookout said the distribution strategy has changed and the malware is now being spread primarily via spam from hacked email accounts.
The spam links perform a similar targeting tactic as the original form of the malware, by directing users from a browser on Windows, iOS, and OSX to a fake Fox News weight loss article, for example.
When clicking the link on an Android device, the browser is redirected to an "Android Security site" for an update. Many stock web browsers will transparently trigger a download to the device's "/Downloads" folder, whereas Chrome displays a confirmation dialog.
The firm has even released a Youtube video of the threat in action.
Lookout urged Android users to be wary of any emails that have the subject line "Hot News", "Last all Night' or ‘You Won $1000" as they are good indications of spam email that links to the malware.
"If your mobile device unexpectedly starts downloading a file that you weren't expecting, don't click, delete it!" the firm advised. µ
We didn’t see that one coming
Sargent Bash is about to know his enemy
And now they are being traded in Russia
So it's not really come to Android at all as such