A malware threat first observed in 2012 has evolved and hijacked more than 4 million Android devices to send spam emails, buy event tickets in bulk and crack WordPress accounts. In its new and improved form, the threat is now putting enterprise networks at risk.
Mobile security firm Lookout first discovered NotCompatible in 2012 (variant “A”), when the malware disguised itself as a system update, which if downloaded turned the infected device into an attacker-controlled proxy. “We’ve seen increasingly sophisticated threats emerging – for the first time ever, we witnessed malware writers targeting the mobile Web via compromised or infected websites with the NotCompatible threat,” said Derek Halliday, senior product manager at Lookout, in an interview with Digital Trends back in August 2012.
Since then, Lookout has tracked the NotCompatible threat and is now reporting the emergence of NotCompatible.C, the newest iteration of the malware. What makes NotCompatible.C a bigger threat than the original version is its ability to infiltrate secure enterprise networks by way of infected devices.
“NotCompatible.C is ultimately a botnet-for-rent; though the server architecture, peer-to-peer communications, and encryption make it a much more formidable threat,” according to Lookout. In other words, the new version of NotCompatible makes it more difficult for network security systems to detect and block.
Spam email blasts and compromised websites are the delivery channels for the “drive-by-downloads” that infect devices with NotCompatible.C. The malware relies on the gullibility of Android users – for instance, including a link to an Android application package (APK) in an email about weight loss solutions.
The malware is costly for owners of infected Android phones. Not only does it use data that counts against a user’s carrier plan, it also drains a phone’s battery.
Lookout offers two strategies to protect against NotCompatible.C: use an advanced mobile security platform to detect the threat at device level and segment networks to limit the potential reach of an infected device. Lookout says its mobile app is able to defend Android devices from NotCompatible.C.
To read a more detailed analysis of the NotCompatible.C threat, read Lookout’s report.
Lookout’s report about NotCompatible.C is hardly alone in sounding the warning bell for Android users. According to online security firm F-Secure, 99 percent of mobile malware threats in Q1 2014 were designed to run on Android devices. Meanwhile, Cheetah Mobile, a company that makes mobile apps to clean, protect and optimize phones, recently reported that 9 percent of Android apps are fully or partially malware.