A new batch of hacked websites poses a new threat to mobile devices running Google's Android operating system, a computer security firm warned.

Lookout said the sites serve "NotCompatible," a new Android Trojan that appears to serve as a simple TCP relay and proxy while posing as a system update.

"This threat does not currently appear to cause any direct harm to a target device, but could potentially be used to gain illicit access to private networks by turning an infected Android device into a proxy," it said.

It said an infected Android device could potentially be used to gain access to normally protected information or systems, "such as those maintained by enterprise or government."

It also pointed out that this appeared to be the first time that compromised websites have been used to distribute malware targeting Android devices.

Lookout said that if a user visits a compromised website from an Android device, the mobile web browser will automatically begin downloading the NotCompatible app, named "Update.apk."

However, the user still needs to install the downloaded application before the device is infected. To install the app, the device must have the “Unknown sources” setting enabled. If the setting is not enabled, the installation will be blocked.

"Based on our initial investigation, we’ve confirmed that a number of websites have been compromised. However, affected sites appear to show relatively low traffic and we expect total impact to Android users to be low," it added.

Lookout said suspicious applications are currently served from the following sites:
- gaoanalitics.info
- androidonlinefix.info
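
For defenders with web proxy logs, the delivery pattern described above (an Android browser being handed an APK named "Update.apk", or any request to the listed sites) can be searched for directly. The following is an added example, not code from Lookout or the article; the log layout, the sample lines, the `example.*` hosts and all URL paths are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Domains the article lists as serving the suspicious application.
LISTED_HOSTS = {"gaoanalitics.info", "androidonlinefix.info"}
APK_MIME = "application/vnd.android.package-archive"

# Assumed log layout: client "METHOD URL" status content_type "user_agent"
LINE_RE = re.compile(
    r'^(?P<client>\S+) "(?P<method>[A-Z]+) (?P<url>\S+)" '
    r'(?P<status>\d{3}) (?P<ctype>\S+) "(?P<ua>[^"]*)"$'
)

# Constructed sample traffic; every path and the example.* hosts are made up.
SAMPLE_LOG = """
10.0.0.21 "GET http://gaoanalitics.info/" 200 text/html "Mozilla/5.0 (Linux; U; Android 2.3.6; en-us) AppleWebKit/533.1"
10.0.0.22 "GET http://blog.example.org/files/Update.apk" 200 application/vnd.android.package-archive "Mozilla/5.0 (Linux; U; Android 4.0.3; en-us) AppleWebKit/534.30"
10.0.0.23 "GET http://example.com/index.html" 200 text/html "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.19"
10.0.0.24 "GET http://example.net/tools/app.apk" 200 application/vnd.android.package-archive "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.19"
"""

def classify(line):
    """Return (client, url, reasons) for a suspicious line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # blank or unparseable line
    parts = urlsplit(m["url"])
    host = (parts.hostname or "").lower().rstrip(".")
    path = parts.path.lower()
    reasons = []
    # Exact match or subdomain of a listed host.
    if any(host == h or host.endswith("." + h) for h in LISTED_HOSTS):
        reasons.append("listed-host")
    # An APK delivered to an Android browser is the download the article describes.
    is_apk = m["ctype"].lower() == APK_MIME or path.endswith(".apk")
    if "android" in m["ua"].lower() and is_apk and m["status"] == "200":
        reasons.append("apk-to-android-browser")
    if path.rsplit("/", 1)[-1] == "update.apk":
        reasons.append("update.apk-filename")
    return (m["client"], m["url"], reasons) if reasons else None

def scan(log_text):
    """Classify every line and keep only the hits."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]

if __name__ == "__main__":
    for client, url, reasons in scan(SAMPLE_LOG):
        print(client, url, ",".join(reasons))
```

The desktop request for an APK is deliberately not flagged, since the article describes the download being triggered for Android browsers.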