May 03, 2012, 2:15 PM — Android smartphone users should be on the lookout for hacked websites that automatically download an app onto your phone in an attempt to trick you into installing malicious code. For what may be the first time ever, analysts at Lookout Mobile Security are warning of a so-called drive-by download attack specifically targeted at Android devices. The attack uses infected websites to try to install a Trojan horse called NotCompatible onto your phone. If installed, the Android malware could let hackers use the phone as an intermediary access point, or proxy, to break into private computer networks. There is also some speculation that NotCompatible could add your phone to a botnet.
However, while NotCompatible sounds scary, it is not a threat if you use common sense and never install anything on your phone that you don't trust or don't remember downloading. Here's what Android users need to know about NotCompatible.
How Was NotCompatible Discovered?
The Trojan first surfaced when a Reddit user named "georgiabiker" came across it by chance and brought it to the Reddit community's attention. Reddit is a social news site and message board.
Who's at Risk?
NotCompatible can only infect people who have enabled sideloading -- the ability to download apps from unofficial sources -- for their device, according to Lookout. Sideloading is enabled on your phone by going to Settings>Applications and then tapping the "Unknown Sources" check box.
Keep in mind that even if you have sideloading enabled, getting infected still requires explicit user action.
OK, So How Do I Get Infected?
Any Android user arriving at an infected site using the phone's browser will automatically download a file called "Update.apk."
If you have sideloading enabled, a screen will pop up asking you to install an update named com.Security.Update or something similar. Any user who then installs the application will get infected.
If you are not sideloading apps, you will not be able to install the Trojan, Lookout says.
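For administrators who watch web traffic from phones on their network, the behavior described above (an Android browser being handed an APK file it did not ask for) can be spotted in proxy logs. The following is an added example, not part of the original article or Lookout's analysis; the tab-separated log layout, the host names, the sample records and the trusted-host list are all constructed assumptions, and only the file name "Update.apk" comes from the article.

```python
import posixpath
from urllib.parse import urlsplit

APK_MIME = "application/vnd.android.package-archive"
TRUSTED_HOSTS = {"appstore.corp.example"}  # assumption: your approved app sources
REPORTED_NAME = "update.apk"               # file name given in the article

# Constructed sample records: time, client, url, status, content-type, user-agent
ANDROID_UA = "Mozilla/5.0 (Linux; U; Android 2.3.6; en-us) AppleWebKit/533.1"
DESKTOP_UA = "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.19"
SAMPLE_LOG = "\n".join("\t".join(f) for f in [
    ("2012-05-03T10:00:01Z", "10.0.0.21", "http://hacked-site.example/Update.apk", "200", APK_MIME, ANDROID_UA),
    ("2012-05-03T10:00:05Z", "10.0.0.21", "http://news.example/index.html", "200", "text/html", ANDROID_UA),
    ("2012-05-03T10:01:00Z", "10.0.0.30", "http://files.example/tool.apk", "200", APK_MIME, DESKTOP_UA),
    ("2012-05-03T10:02:00Z", "10.0.0.22", "https://appstore.corp.example/mail.apk", "200", APK_MIME, ANDROID_UA),
    ("2012-05-03T10:03:00Z", "10.0.0.23", "http://cdn.example/dl/app.APK?id=7", "200", "application/octet-stream; charset=binary", ANDROID_UA),
    ("2012-05-03T10:04:00Z", "10.0.0.24", "http://gone.example/Update.apk", "404", "text/html", ANDROID_UA),
])

def classify(url, status, ctype, ua):
    """Return the reasons a response looks like an APK delivered to an Android browser."""
    parts = urlsplit(url)
    name = posixpath.basename(parts.path).lower()   # ignores any query string
    mime = ctype.split(";")[0].strip().lower()      # drop parameters such as charset
    is_apk = mime == APK_MIME or name.endswith(".apk")
    if not is_apk or status != "200" or "android" not in ua.lower():
        return []
    if (parts.hostname or "") in TRUSTED_HOSTS:
        return []
    reasons = ["apk-from-untrusted-host"]
    if name == REPORTED_NAME:
        reasons.append("filename-matches-report")
    if mime != APK_MIME:
        reasons.append("apk-with-generic-content-type")
    return reasons

def scan(log_text):
    """Return (client, url, reasons) for every suspicious record in the log."""
    hits = []
    for line in filter(str.strip, log_text.splitlines()):
        _ts, client, url, status, ctype, ua = line.split("\t")
        reasons = classify(url, status, ctype, ua)
        if reasons:
            hits.append((client, url, reasons))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit only means the file reached the phone; as the article notes, infection still requires sideloading to be enabled and the user to approve the install.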
What Does It Do to My Phone?