Android malware uses drive-by downloads to infect devices


If there ever was a reason to not set your Android device to accept programs from unknown sources, here it is. The H Open is reporting that malware writers have hacked several websites with the intention of delivering malware packages to Android devices that visit the pages. The malware has been dubbed NotCompatible by Lookout Security and embeds itself in the bottom of the webpage as an iframe. When an Android user arrives at the page, a file called update.apk starts downloading automatically.

Here’s the catch though – the file is only offered up for installation if the user of the Android device has his/her “Unknown Sources” setting in the system preferences enabled. Otherwise, the installation would be blocked. The malware seems to be simple TCP relay/proxy which could be used to access private networks, which could be used to infiltrate private networks like those used in businesses and such.

Source:  H Open