(via Android users targeted in drive-by download attacks | Ars Technica)
Almost a dozen sites are actively targeting Android users with malware that could gain access to corporate networks and other protected systems, security researchers said. They note it’s the first time compromised sites have been used to infect users of a mobile handset.
The malware, dubbed NotCompatible, is being transmitted by websites when they’re accessed on smartphones running Google’s Android operating system. This is according to a blog post published Tuesday by researchers from Android antivirus provider Lookout. An iframe tag included in the sites provides a link to malicious software that’s automatically downloaded after the site is visited. The sites then provide notifications prompting end users to install the downloaded app. Installation is possible only on phones that have been configured to run apps acquired from sources other than the Google Play market.
“Hacked websites are frequently used to infect PCs with malware,” Lookout researchers wrote in Wednesday’s post. “However, today we have identified the first time hacked websites are being used to specifically target mobile devices.” The company’s security app automatically blocks installation of the software…