Hacked Websites Target Android Devices With New Trojan [Updates]

A new piece of Android malware called NotCompatible is attempting to spread itself by attacking Android users who visit hacked websites. Android owners are advised to remain vigilant against these attacks.

The malware is notable because it marks the first time this kind of attack is known to have been used against Android devices in the wild. The way it works is simple. A hacked website hosts a malicious app, which is then transmitted to every Android handset that visits the site. It’s a tactic that’s been used against PCs for years but is now making the transition to mobile devices.

Fortunately, Android’s built-in security does a decent job of thwarting the attack. Because apps require permissions, the usual permission screen will appear when the malware tries to install itself. Users who have not chosen to allow the installation of unofficial apps won’t be able to complete the installation even if they accept the app.

Still, there is some threat. When the malware appears, it poses as a security update and declares a limited number of permissions. This may lure some users into thinking that it’s harmless or even a valid system update. False-flag attacks like this rely on mass distribution. Their creators know most people won’t fall for them – but some small number will.

The app is a trojan, but the payload and/or purpose is unknown. It connects to a command and control server but then does nothing. Of course, the server can send new instructions at any time, and likely will at some point in the future.

Source: Ars Technica via The Lookout Blog


Matt Smith

Matthew Smith is a freelance writer living in Portland, Oregon. He also writes for Digital Trends and runs a gaming blog called The Skill Point. You can follow him on Twitter.

  • Pavel Kungurtsev May 16, 2012

    There are some apps with ads on Google Play that advertise push notifications with “updates” simulating a Google Play page with a Flash Player update or Opera browser update (which, of course, is malware).