Smart malware campaign attacks only Android

Smart malware campaign attacks only Android

Summary: A recent email campaign contains links that send most users to a conventional spam site, but Android users get Android malware.

SHARE:

A recent spam campaign exhibits more than the usual amount of cleverness, as described by Jim Clausing at the SANS Institute.

Clausing investigated a suspicious email of a type that was spreading several weeks ago. It contained a link which, when followed on most platforms, went to a typical spam site. When followed on Android, it distributed Android malware.

I received a similar email with the same domain links in it and the same general characteristics. Here is mine:

android.malware.spam

I haven't blurred out the link because, as Clausing reports, there is no longer malware there. When I test the URL from Chrome on a PC, I am redirected to a Canadian pharmacy site, a classic spam target as Clausing says. When I test it from Chrome on Android, I am redirected to the root of the domain, which says that the domain is for sale. I am not served any malware. So the malware itself has been taken down, but the OS-specific redirect (which then used a META refresh tag to serve the malware when it was still up) is still in place and the spam links still functional.

The malware itself, according to Clausing, was the latest version of "DroidNotCompatible." Based on some Googling, this appears to be the malware usually called "NotCompatible" and which comes in a file named update.apk.

In order to run the attack, one must first enable installs from untrusted sources in Android settings and then choose to run the APK from the downloads folder. So it's far from a true drive-by, but it's still interesting that it downloads only on Android devices.

Click here to read about AV-Test's comparison of 31 Android security apps.

Topics: Security, Android, Mobile OS, Mobility

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

3 comments
Log in or register to join the discussion
  • Android Malware? The problem is the user!

    Why in the world would anyone click on something like is shown. I am very careful in things that I click on in e-mail. I also have AVG on one Android Tablet and Avast on the other, and as far as I can see have never suffered any malware infections. All of my apps and updates come through the Google Play store, so things like that there would be very rare. Most of my e-mails are rather benign and I also would not click on anything that I didn't have any idea what it was for. Just be careful and likely you will not suffer these type of infections. Also have an Anti-Virus program installed.
    rgeiken@...
  • According to the fandroids

    Malware is a Microsoft problem and only their users have it, not the smart fandroid types, oh wait...
    hoppmang
  • A non story

    1) Disable trusted sources

    2) download APK

    3) actually manually have to run it.

    Quite frankly you have to be a complete idiot to fall for this. At least it's this hard on Android. With windows no user action required or one click and BOOM.
    Alan Smithie