Smartphone security company Lookout Mobile Security warned Android phone owners about software that they may have installed from sources other than the Android market. A Reddit user recently discovered Android malware by chance, and brought it to the attention of other members of the social news and message board site.
The malware is from hacked websites, and installs a Trojan called NotCompatible. Once installed, it enables hackers to use the device as a proxy to break into private computer networks. There was also speculation that the Android malware could use the devices to create a botnet.
NotCompatible: What Users Need to Know
According to Lookout, Android phone owners that have sideloading enabled can be infected by NotCompatible malware. Sideloading is the handset’s capability to download apps from unofficial sources.
When a user visits an infected website, he or she will automatically download a file called Update.apk. For those with enabled sideloading, a pop-up screen will prompt them to install an update called com.Security.Update, or something similar. Once it is installed, the device is infected.
Those who have disabled sideloading will not be able to download the Trojan. The feature can be disabled by going to Settings > Applications, and then tapping the “Unknown Sources” box to uncheck it.
Other than using the device as a proxy to break into private computer networks, the malware has no known long-term effects. Unfortunately, there’s no known way to remove the NotCompatible malware once a phone is infected. It’s not clear whether downloading and installing Lookout’s mobile anti-virus would remove it.
Low Overall Impact
There are no specific numbers on how widespread the malware is. However, the smartphone security company has found it on “numerous” websites embedded in an iFrame—a browser segment that displays third-party content.
In addition, NotCompatible’s overall impact is expected to be low. That’s because websites that unknowingly host the malware seem to have low traffic. Most of the hacked websites are local country clubs, computer repair shops, and pest exterminators.
Although NotCompatible sounds scary, it won’t be a threat to users who are using their common sense. Even though it is specifically targeted to Android devices, an attentive user will be fine. Android phone owners must remember to never install anything that they don’t trust or don’t remember downloading to their handset.