isothermalsection

Author Topic: For the first time, hacked websites deliver Android malware  (Read 2294 times)

Offline OhauitiWeather

  • Hero Member
  • *****
  • Posts: 1977
  • Country: nz
  • Karma: 284
  • Gender: Male
    • Ohauiti Weather
Analysts with Lookout Mobile Security have found websites that have been hacked to deliver malicious software to devices running Android, an apparent new attack vector crafted for the mobile operating system.
 
The style of attack is known as a drive-by download and is common on the desktop: When someone visits a hacked website, malware can transparently infect the computer if it doesn't have up-to-date patches.
 
"This appears to be the first time that compromised websites have been used to distribute malware targeting Android devices," Lookout wrote on its blog.
 
Lookout said it noticed that "numerous" websites had been compromised to execute the attack, although those sites had low traffic. The company expects the impact to Android users will be low. The malware that tries to install itself, dubbed "NotCompatible," appears to be a TCP relay or a proxy.

"This threat does not currently appear to cause any direct harm to a target device, but could potentially be used to gain illicit access to private networks by turning an infected Android device into a proxy," Lookout said. "This feature in itself could be significant for system IT administrators: a device infected with NotCompatible could potentially be used to gain access to normally protected information or systems, such as those maintained by enterprise or government."
 
NotCompatible will automatically start downloading if the hacked website detects an Android device is visiting by looking at the web browser's user-agent string, which specifies the device's operating system.

The hacked websites have an hidden iframe, which is a window that brings other content into the target Web site, at the bottom of a page. The iframe causes the browser to pull content from two other malicious websites hosting NotCompatible. If a PC accesses either of those websites, a "not found" error is displayed, Lookout said.
 
After the malware downloads, the device will ask a user to install the application. But for it to be installed, the Android device's settings must have "unknown sources" enabled, Lookout said. If the setting is not enabled, only applications from the Android Market, now called the Google Play store, can be installed.

Published by Computerworld, written By Jeremy Kirk | Sydney | Thursday, 3 May, 2012
Link to article:  http://computerworld.co.nz/news.nsf/security/for-the-first-time-hacked-websites-deliver-android-malware?opendocument&utm_source=security&utm_medium=email&utm_campaign=security


David Harris
Ohauiti Weather
WH1091 Wireless Weather Station
Ohauiti Weather :: Home  powered by Cumulus MX 3.0.0 b3041
"If it wasn't for the last minute nothing would ever get done"


Share via twitter

xx
Researchers find new malware in Android Ice Cream Sandwich

Started by OhauitiWeather

0 Replies
2400 Views
Last post July 11, 2012, 01:47:36 AM
by OhauitiWeather
xx
Android users targeted by premium-rate SMS malware

Started by OhauitiWeather

0 Replies
2424 Views
Last post May 16, 2012, 08:23:15 PM
by OhauitiWeather
xx
Android malware steals location data from mobile devices

Started by OhauitiWeather

0 Replies
3495 Views
Last post July 21, 2012, 10:41:07 PM
by OhauitiWeather
xx
Security researchers find multistage Android malware on Google Play

Started by OhauitiWeather

0 Replies
2405 Views
Last post July 12, 2012, 11:48:15 PM
by OhauitiWeather
xx
Yahoo hacked in security 'wake-up call'

Started by OhauitiWeather

0 Replies
2276 Views
Last post July 17, 2012, 01:39:58 AM
by OhauitiWeather