Smart malware campaign attacks only Android

Summary:A recent email campaign contains links that send most users to a conventional spam site, but Android users get Android malware.

A recent spam campaign exhibits more than the usual amount of cleverness, as described by Jim Clausing at the SANS Institute.

Clausing investigated a suspicious email of a type that was spreading several weeks ago. It contained a link which, when followed on most platforms, went to a typical spam site. When followed on Android, it distributed Android malware.

I received a similar email with the same domain links in it and the same general characteristics. Here is mine:

android.malware.spam

I haven't blurred out the link because, as Clausing reports, there is no longer malware there. When I test the URL from Chrome on a PC, I am redirected to a Canadian pharmacy site, a classic spam target as Clausing says. When I test it from Chrome on Android, I am redirected to the root of the domain, which says that the domain is for sale. I am not served any malware. So the malware itself has been taken down, but the OS-specific redirect (which then used a META refresh tag to serve the malware when it was still up) is still in place and the spam links still functional.

Featured Review

Hands-on with the CM4 Q Card Case for iPhone 6 Plus: Carry cards while using Apple Pay

Even with Apple Pay serving as your digital wallet, there remains the need for physical cards and that is where the Q Card Case comes in handy.

The malware itself, according to Clausing, was the latest version of "DroidNotCompatible." Based on some Googling, this appears to be the malware usually called "NotCompatible" and which comes in a file named update.apk.

In order to run the attack, one must first enable installs from untrusted sources in Android settings and then choose to run the APK from the downloads folder. So it's far from a true drive-by, but it's still interesting that it downloads only on Android devices.

Click here to read about AV-Test's comparison of 31 Android security apps.

Topics: Security, Android, Mobile OS, Mobility

About

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of sec... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.