More than a million Android handsets have been infected with a spam malware that can virtually control the users’ smartphones or tablets. Since Jan.2013, about 4.5 million Americans have downloaded the complex malware, according to the security company Lookout.
The malware called “NotCompatible” have been improved by the hackers and is it in third version making it complex and harder to detect. With the aim of targeting smartphones the malware has been injected in leading sites and is automatically downloaded to Android devices or via spam messages, app updates or weight loss ads. Security Analyst at Lookout Jeremy Linden stated that the hackers brought the malware to a different operational level.
“This is the most technically sophisticated threat we are facing and it’s the most worrying to us,” said Linden.
About 20,000 devices a day were infected through spam messages though the duration of the method was not mentioned. The bug, first detected in 2012, has been improved in a way to target desktop computers with the aim of infecting a range of Android devices and controlling them. The hackers then turn the devices into botnet, which is rented out to spammers or users for buying movie tickets or any other items in bulk.
Lookout mentioned that the third-version of the malware came with -end-to-end encryption, peer-to-peer networking technologies and sophisticated codes that kept the malware in stealth mode. Eldar Tuvey, security analyst at Wandera stated that cyber criminals were targeting more smartphones as users, not consider the device as a central part of their life. He added that malware like Wireurker and Masque that targets Apple devices also showed the growing confidence of hackers.
The malware has the ability to communicate with other infected devices and is managed by a central system of the hackers that is encrypted. Lookout said that its Android app is capable of detecting the “NotCompatible” malware and users are advised to exercise restraint while downloading apps from untrusted sites.
[ Source ]