NotCompatible Android Trojan: What You Need to Know
By Ian Paul
Android smartphone users should be on the lookout for hacked websites that automatically download an app onto your phone in an attempt to trick you into installing malicious code. For what may be the first time ever, analysts at Lookout Mobile Security are warning of a so-called drive-by download attack specifically targeted at Android devices. The attack uses infected websites to try to install a Trojan horse called NotCompatible onto your phone. If installed, the Android malware could let hackers use the phone as an intermediary access point, or proxy, to break into private computer networks. There is also some speculation that NotCompatible could add your phone to a botnet.
However, while NotCompatible sounds scary, it is not a threat if you use common sense and never install anything on your phone that you don’t trust or don’t remember downloading. Here’s what Android users need to know about NotCompatible.
How was NotCompatible discovered?
The Trojan first surfaced when a Reddit user named “georgiabiker” discovered NotCompatible by chance and brought the malware to the Reddit community’s attention. Reddit is a social news site and message board.
Who’s at Risk?
NotCompatible can only infect people who have enabled sideloading — the ability to download apps from unofficial sources — for their device, according to Lookout. Sideloading is enabled on your phone by going to Settings>Applications and then tapping the “Unknown Sources” check box.
Keep in mind that even if you have sideloading enabled, getting infected still requires explicit user action.
OK, So How Do I Get Infected?
Any Android user arriving at an infected site using the phone’s browser will automatically download a file called “Update.apk.”
If you have sideloading enabled, a screen will pop-up asking you to install an update named com.Security.Update or something similar. Any user who then installs the application will get infected.
If you are not sideloading apps, you will not be able to install the Trojan, Lookout says.
What Does It Do to My Phone?
It’s not immediately clear whether there’s any long-term effect on your phone or your device’s content, but so far Lookout says the only thing that will happen is your phone could be used as a proxy by a third-party.
How Widespread is the Trojan?
Lookout is not offering any specific numbers, but the company says it has found the malware on “numerous” websites embedded in an iframe — a segment of a browser window that can display content from a third-party. Lookout expects NotCompatible’s overall impact to be low.
Hacked sites unknowingly acting as a vehicle for NotCompatible appear to be typically low traffic websites for local businesses such as country clubs, computer repair, and pest exterminators.
What If I’m Infected?
Lookout has not provided any information on what users can do if they are infected with NotCompatible so it’s not clear whether installing Lookout’s antivirus software would remove the malicious software.
Even though this malware is specifically targeted for Android devices, as long as you remain attentive when authorizing new apps and watch out for unauthorized downloads, your device should be fine.