Are You Your Employer's New Threat!

In this article they are warning Android users to be aware that there’s a malware that is infecting mobile handsets of Android users. This malware is infecting these Smartphone’s running Google’s Android operating system when the Smartphone is use to access one of a dozen websites that have the malware. The way these sites are doing the infecting is by using an iframe tag that is included in the site which links the Smartphone to the malicious software that is then downloaded automatically once the site is visited. It does this by prompting the owner of the Smartphone to install the downloaded app. The researchers make note that this is the first time hacked websites are being used to target and infect mobile devices. These installations are only possible on phones configured to run apps that are acquired from other sources than Google Play market. When someone visits these websites that don’t have an Android it returns an error message that prevents malicious activity from happening. Research shows that at the current time the malware appears to serve as a simple TCP relay or proxy while it is posing to be a system update. Even though at this time it doesn’t seem to cause any direct harm to the mobile devices the concern about this Android Trojan called NotCompatible is it could be used to gain illicit access to private networks if the infected Android was to be used as a proxy.

I wonder how employers will be handling this new threat when the majority of employees have Smartphone’s. I don’t know how many are using the Android operating system by Google but I’m sure it is a large number. This just may be hacker’s newest way of trying to hack a company’s files by gaining access from the inside. In the article they mentioned that “the company’s security app automatically blocks installation of the software.” I got the impression they were talking about the researchers company but it was unclear exactly what company they were talking about. This would be a good solution for a company if this was an accessible security app that other companies could install to protect their networks from being compromised. 

http://arstechnica.com/gadgets/news/2012/05/android-users-targeted-for-the-first-time-in-drive-by-download-attacks.ars?clicked=related_right