NotCompatible.C Android Malware Threatens Smartphones, Tablets, Networks

Posted on December 02, 2014

Smartphones or tablets running any Android operating system are being targeted with a new Trojan Horse virus called NotCompatible. According to PC World writer Ian Paul, the NotCompatible malware threat lurks on infected websites where unsuspecting Android users pick it up.

It's not the first time a widespread malware attack has infected Android devices, and it's not even the first time that NotCompatible malware has attacked phones. But this time the drive-by attack seems to mean business according to Digital Trends writer Jason Hahn. When the malware threat was first observed in 2012, it hijacked more than 4 million Android devices to send spam emails, buy event tickets in bulk, and crack WordPress accounts.

A malware threat first observed in 2012 has evolved and hijacked more than 4 million Android devices to send spam emails, buy event tickets in bulk and crack WordPress accounts. In its new and improved form, the threat is now putting enterprise networks at risk. The current version (dubbed variant C, or NotCompatible.C) now has the ability to infiltrate secure enterprise networks by way of infected devices.

"NotCompatible.C is ultimately a botnet-for-rent; though the server architecture, peer-to-peer communications, and encryption make it a much more formidable threat," according to SanFrancisco-based mobile security firm Lookout. For more details about the security firm's analysis of the threat, read Lookout's report.

For infected Android device users, the NotCompatible.C attack can be costly, according to The New York Times, because users are held responsible for the using data that counts against a user's carrier plan and also because the unintentional activity drains batteries. But for companies who wind up losing data, or having their network compromised by the drive-by downloads that infect employee devices with NotCompatible.C, the end result can be even more costly.

"This malware threat, unlike the original relatively simple version of NotCompatible, has a sophisticated infrastructure," explains Jared Hansen, CEO of mobile security leader Breezy. "NotCompatible.C is more like the kind of malware used by PC-based criminals who intend to steal corporate data, or compromise secure networks. It protects itself through redundancy and encryption, making it much more sophisticated than the more common types of mobile malware."

How It's Spreading

The so-called "drive-by downloads" that infect devices with NotCompatible.C are especially hard for users to spot, because sophisticated Android application package links called APKs are included in what looks like ordinary email or legitimate websites. In a "drive by" download, all a user has to do in order to become infected is to open the wrong email or visit an otherwise legitimate website that's been hacked to deliver NotCompatible.C.

Digital Trends reports that online security firm F-Secure says that 99 percent of mobile malware threats in Q1 2014 were designed to run on Android devices. Meanwhile, Cheetah Mobile, a company that makes mobile apps to clean, protect and optimize phones, recently reported that 9 percent of Android apps are fully or partially malware.

It's not news to any enterprise IT professional that mobile malware is a threat to the company network, or that Android devices have long been targets for such attacks, Hansen says. "But this one is different. As soon as a device carrying NotCompatible.C is brought into an organization on a mobile device, it could provide the operators of this botnet with access to the organization's network. Using the NotCompatible proxy, an attacker could potentially do anything from enumerating vulnerable hosts inside the network, to exploiting vulnerabilities for an attack, or search for and download exposed data," he says.

How to Protect Your Network

Luckily, Hansen adds, there have been no specific reports yet of a company network that has been compromised by the NotCOmpatible malware. "Companies that have installed high-quality enterprise mobility management (EMM) tools from industry leaders like AirWatch, AppSense MobileNow, Aruba, Citrix, Good Technology, IBM (MaaS360, formerly owned by Fiberlink), MobileIron and Mocana have a big advantage, since they are pro-actively monitoring and security their data from potential threats."

As with other security threats, Hansen says there is no substitute for a well-trained, informed mobile workforce. "Employee behavior is the biggest threat to the security of any company network " but vigilant, well-informed employees are among the biggest protections you can develop as well."

Companies can use a spash screen that appears when employees log on to the network, paycheck stuffers, or email updates to warn employees about holiday threats to their mobile phones, including NotCompatible.C. "The NotCompatible Trojan Horse can only infect Android devices where sideloading has been enabled," Hansen points out. "Sideloading gives the device the ability to download apps from unofficial sources. Showing users how to check whether or not sideloading is enabled on their phone is a great first step in protecting your network from attack."

To see if sideloading is enabled on an Android phone or tablet, go to Settings>Applications and check whether or not the "Unknown Sources" box is checked. If it is checked, remove the check to disable sideloading.

The second step in educating employees about the threat posed by NotCompatible.C is to warn them about refusing permission from any unknown site or application to install anything on their mobile device. Android users arriving at an infected site using the phone's browser will automatically download a file called "Update.apk."

If sideloading has been enabled, a screen will pop-up asking for permission to install an update named com.Security.Update or something similar. Users who install the application get infected " those who refuse permission do not.

For more information on mobile device security and secure mobile printing, watch this video from Breezy, download The Definitive Guide to Mobile Printing, a free ebook, or click here to schedule a demo now.

Easy to deploy and manage

Customers report that Breezy installations are among the easiest they’ve ever seen for an enterprise product.