It’s not just malicious apps you need to be wary of infecting your smartphone. Now, navigating to poisoned websites are a threat, too.
Security researchers have discovered a new malware targeting Android devices that doesn’t take the usual route of embedding itself in an app. The malware, dubbed “NotCompatible,” is instead tucked into websites that try to push the malware onto visitors’ devices, representing a dangerous new technique by hackers to try and access personal data, according to research from Lookout Security and separate findings from Symantec Corp.
Fortunately, the malware isn’t very stealthy. To get infected , you would need to approve the download of the application, which masquerades as a security update. And the handful of known sites distributing it have low traffic, according to Lookout.
“This threat does not currently appear to cause any direct harm to a target device, but could potentially be used to gain illicit access to private networks by turning an infected Android device into a proxy,” Lookout researchers wrote on the company’s blog.
Mobile malware threats are not as widespread as those targeting PCs. Criminal hackers are experimenting with different business models for mobile devices, such as tricking users into subscribing to pay-text-message services that the criminals control.
The lesson from the NotCompatible findings is similar to warnings PC users have gotten for years: The worst kind of update you can download to your machine is one that you didn’t ask for and don’t know where it comes from.