First Drive-By Malware Sites Discovered for Android

By Andrew Tarantola on at

As more and more traffic moves from the desktop to mobile devices, malware has closely followed it. Now, an Internet security firm has discovered the first websites designed specifically to infect Android devices that visit the page with malware.

Lookout Mobile Security discovered the sites, which operate as drive-by malware vectors. That is, if an Android device that isn't fully patched visits one of these sites, malware will automatically and invisibly install itself on the device.

In this case, the malware is "NotCompatible," a Trojan that poses as a system update but acts as a proxy redirect. The site checks the victim's browser's user-agent string to confirm that it is an Android visiting, then automatically installs the Trojan. Luckily, the number of dangerous sites is still quite low and none of them get much traffic but it does signal the start of a troubling trend.

"This threat does not currently appear to cause any direct harm to a target device, but could potentially be used to gain illicit access to private networks by turning an infected Android device into a proxy," Lookout said on its blog post. "This feature in itself could be significant for system IT administrators: a device infected with NotCompatible could potentially be used to gain access to normally protected information or systems, such as those maintained by enterprise or government."

There are, however, a number of steps you can take to protect yourself. First, turn off the "Install from unknown sources" option. With that off, NotCompatible can't set up shop on your device. Second, get yourself a mobile anti-virus app. Both AVG and Avast have excellent apps (they're also free). Third, stop dredging the recesses of the Internet on your phone. [Lookout via PCWorld]

Image credit: Padlock from Shutterstock