According to the mobile security firm Lookout, the most recent version of the Trojan malware targeting Android mobile phone users is sophisticated and evasive enough to threaten complex company networks.
Lookout has been tracking the evolution of this particular malicious software, dubbed ‘NotCompatible,’ which is being used to target and infect mobile devices on a large scale. The security company says it believes that as many as 4 million users have had problems with the malware.
The new version, called NotCompatibleC, “has set a new bar for mobile malware sophistication and operational complexity,” warns Lookout. It is “elusive and enduring,” and behaves like “an earthwork with its tail cut off that regenerates and thrives.”
Criminal hackers infect smartphones in several ways—mostly by infecting legitimate websites with malicious code. When victims visit the infected website, they unwittingly download the code.
Sometimes, the hacker-attackers also will send spam to their victims from hijacked email accounts, a method Lookout researchers say has caused more than 20,000 infections a day, according to a report by The New York Times.
In other cases, attackers disguise the malware as a ‘security patch’ attached to an email. They also have sent emails advertising weight loss solutions with infected links to the bogus sites.
Lookout says the hackers’ goal is to infect as many smartphones as possible to create an illegal botnet, a network of infected devices that can be subverted and controlled. Illicit botnets can be used for various nefarious purposes, such as overloading a legitimate service, substitution of banner ads, access to confidential corporate information, or incurring massive data charges on victims’ phones.
Lookout, the Times noted, has a financial interest in raising concerns about malware infecting mobile devices. The company has developed a mobile security application for both iPhones and Android-based smartphones that can protect the devices from infection by NotCompatible malware.