Android malware being automatically distributed from hacked websites looks like it’s being used to mask online purchases, and could be part of a fraud gang’s new push into mobile, researchers said today.
“The malware essentially turns your Android phone into a tunnel that can bounce network traffic off your phone,” said Kevin Mahaffrey, co-founder and CTO of Lookout Security, a San Francisco-based firm that focuses on Android.
Lookout first published information about the new malware, dubbed “NotCompatible,” on Wednesday. Further analysis, however, has revealed the most likely reason why cyber criminals are spreading the malware.
“There are a couple of ways they can profit from this,” said Mahaffrey in an interview. “One is general online fraud, the other is targeted attacks against enterprises. We haven’t seen any evidence [of the latter], and have confirmed that it is engaged in online purchasing activity.”
Once installed, NotCompatible turns an infected Android device into a proxy, through which hackers can then direct data packets, in essence disguising the real source of that traffic by using the compromised devices as middlemen.