Surfing the web on Android is relatively safe, but a new threat tricks users into installing a trojan that calls itself a security update.
Symantec discovered the Android.Notcompatible threat this week, calling attention to the new threat of user-initiated drive by downloads.
Malware is a problem on Android smartphones, but it is typically reserved for infected fake games and apps found on third-party marketplaces. This new attack can happen on any infected webpage, and relies on tricking the user into installing the malware.
The Android.Noncompatible threat allows the creator to, “route traffic from an infected device to an external source.”, but the real issue comes from what it could be used to do down the road.
Android users must be wary of downloading any update that pops up when they visit a website, and this isn’t just limited to unknown websites or those we think of as hosting malware. In a recently released study, Symantec found that religious websites were three times more likely to host malware than porn sites.
So far the Android.Noncompatible trojan has only shown up on four websites, but it could easily spread to the wide number of hacked websites hosting malware. Most of these hacked sites don’t know they are infected and are distributing the malware unintentionally.
Android updates do arrive eventually, but users should be on the lookout for updates that make an appearance when browsing the web. I suggest closing these updates and checking in Settings -> Updates or Settings -> About Phone -> Updates to see if there is a real update to the phone.
The Android security infographic from Symantec highlights the rise in threats and identifies what malware can do once on an Android phone. Most often these malicious apps and hacks are trying to take your data.
Norton offers protection from some Android malware attacks with the free Norton Antivirus and Security app, which users can count on to scan apps and block malicious websites.