Malicious software said to spread on Android phones
For years security researchers have warned that it was only a matter of time before nasty digital scourges like malicious software and spam would hit smartphones.
Now they say it is has finally happened.
A particularly nasty mobile malware campaign targeting Android users has hit between four million and 4.5 million Americans since January of 2013, according to an estimate by Lookout, a San Francisco mobile security company that has been tracking the malware for about two years.
Lookout first encountered the mobile malware, called NotCompatible, two years ago and has since seen increasingly sophisticated versions. Lookout said it believes, based on attempted infections of its user base of 50 million, that the total number of people who have encountered the malware in the United States exceeds four million.
Criminals infect smartphones primarily by infecting legitimate websites with malicious code. When victims visit the site from their mobile phone, they inadvertently download the code, in what is known as a 'drive-by download.'
In other cases, the attackers sent spam from hijacked email accounts to their victims. That technique, Lookout's researchers say, successfully caused more than 20,000 infections a day. More recently, researchers say, attackers have been tricking their victims into installing the malicious code by disguising it as a 'security patch' in an email attachment. In others, spam emails advertised weight loss solutions with a link that served up malware to Android users.
The attackers goal, researchers say, is to infect as many smartphones as possible and turn them into a so-called botnet, a network of infected devices that can be used by attackers for various malicious purposes. Lookout's researchers say there is evidence that Not Compatible's authors are renting out control of infected mobile devices to people who have used them to simply send out more spam or buy up event tickets in bulk from from Ticketmaster, Live Nation, EventShopper and Craigslist. Some have used infected devices to try to crack WordPress accounts.
Lookout says the malware, now on its third iteration, allows infected devices to search for and communicate with other infected machines and share intelligence. Attackers also have found a way to encrypt communications between their command and control center and infected devices, which makes it more difficult to detect and decipher.
The latest version, Lookout said, 'has set a new bar for mobile malware sophistication and operational complexity.'
All this malicious activity can be costly. The criminals are incurring data charges on phones that, ultimately, victims are held responsible for. As if that weren't annoying enough, researchers say the malware causes tremendous battery drainage.
As with most malware discoveries, Lookout, the company sounding the alarm, has a stake in raising concerns about the security of mobile devices. Its mobile security application, which is available for both Apple's iOS and Android-powered smartphones, is able to identify the NotCompatible malware and keep it from infecting Android devices that have downloaded the Lookout app.