2 
As more and more traffic moves from the desktop to mobile devices, malware has closely followed it. Now, an Internet security firm has discovered the first websites designed specifically to infect Android devices that visit the page with malware.
Lookout Mobile Security discovered the sites, which operate as drive-by malware vectors. That is, if an Android device that isn’t fully patched visits one of these sites, malware will automatically and invisibly install itself on the device.
In this case, the malware is “NotCompatible,” a Trojan that poses as a system update but acts as a proxy redirect. The site checks the victim’s browser’s user-agent string to confirm that it is an Android visiting, then automatically installs the Trojan. Luckily, the number of dangerous sites is still quite low and none of them get much traffic but it does signal the start of a troubling trend.
“This threat does not currently appear to cause any direct harm to a target device, but could potentially be used to gain illicit access to private networks by turning an infected Android device into a proxy,” Lookout said on its blog post. “This feature in itself could be significant for system IT administrators: a device infected with NotCompatible could potentially be used to gain access to normally protected information or systems, such as those maintained by enterprise or government.”
There are, however, a number of steps you can take to protect yourself. First, turn off the “Install from unknown sources” option. With that off, NotCompatible can’t set up shop on your device. Second, get yourself a mobile anti-virus app. Both AVG and Avast have excellent apps (they’re also free). Third, stop dredging the recesses of the Internet on your phone. [Lookout via PCWorld]
Image credit: Padlock from Shutterstock
Brave Researcher Visits Porn Sites and Discovers Shock Malware Risk
Train Company Site Update Delayed by... Bad Weather
Google Chrome Is Blocking a Bunch of Major Sites for Malware, Even YouTube
I visited a site that tried to load a battery saver app. It in fact managed to download it as you could not leave the screen with out you clicking on a screen that said “your battery is low” with out clicking on the screen that allowed it download.
I do not allow side loading for this type of reason.
You mention Lookout discovered the sites, but fail to mention that Lookout also has an excellent antivirus App, which protects people from this particular malware. I have to admit I am always a bit suspicious of new malwares that are discovered by antivirus companies before they have done any real world damage. Makes you wonder who exactly wrote them.
suspicious when antivirus companys discover malware?
have a day off!
conspiracy theories!!!!
“suspicious when antivirus companys discover malware?”
NO, suspicious when antivirus companys discover malware before anyone in the wild gets infected by it. I assume antivirus companies employ people to improve their software. One way to improve that software is to make it detect more threats. Why wait till a virus writer comes up with something when you can create it in the lab and be sure that your antivirus protects against it. It is then good advertising to say “we found this but our antivirus product will protect you against it”.
I am not saying that this is what happens, nor do I lose a moments sleep wondering if it is what happens. I am just saying that when I see these reports I wonder about it.
As for the day off, I’ll let the boss know you said I could go home early.
I actually had a variant of this on my Android-themed blog a couple of months back. When viewing it from an Android mobile it would redirect the site, close the browser and download a “xxx.apk” file to the phone. This one’s definitely real
So how did it get on your blog? Hope you’re not running a dodgy warez site in your spare time Gary
Ha, no, it was via a WordPress hack. No idea how it got there, honest.
Read the source link. It doesn’t automatically install the malware. It just downloads the apk and then asks you if you want to install it.
Hardly the same thing.