Android Malware and Corporate Networks Security
A new Android Trojan dubbed "NotCompatible"
is being spread through compromised Web sites. This may directly affect Android
tablets and smartphones, along with being a potential risk hazard to corporate
networks and their security.
Kevin Mahaffrey is co-founder and
CTO of a San Francisco based firm called Lookout Security. The main focus of
the company is Android and during their investigations it was found there was a
new malware out there. Called “NotCompatible” the Android malware is,
according to Mahaffrey, a risk to corporate networks.
According to their report, a hacked
Web site would contain a hidden iFrame at the bottom of the page. When the
Android browser loads the page, it will attempt to load the file in the hidden
iFrame. Upon loading the file, the browser would transfer control to the app
loader, which would display an application installation screen, with the header
com.Security.Update. An unsuspecting user might install the app, and thus
infect their Android device.
Fortunately, the malware isn’t very
stealthy. Mobile malware threats are not as widespread as those targeting
PCs. Criminal hackers are experimenting with different business models for
mobile devices, such as tricking users into subscribing to pay-text-message
services that the criminals control.
Android app security holes have long
been a concern because of the mobile operating system's more open architecture
and the app market's less stringent standards for developers than others such
as Apple's iOS or Research In Motion's BlackBerry OS.Earlier this year, Google
said it was using a service called Bouncer that automatically polices
its app market and takes down offenders before they strike.
Mahaffey, who studied Internet
browsing data from Android gadgets to draw his conclusions, said an attacker
could latch on to a business or government network if an employee whose Android
device has been infected with NotCompatible accessed their corporate
information via Wi-Fi.
With over 600 million Android
devices in the world, the purveyors of malware will always be seeking ways to
infect your Android device. The worst kind of update you can download to your
machine is one that you didn’t ask for and don’t know where it comes from.
Source: thehackernews.in
