As more and more traffic moves from the desktop to mobile devices, malware has closely followed it. Now, an Internet security firm has discovered the first websites designed specifically to infect Android devices that visit the page with malware.
Lookout Mobile Security discovered the sites, which operate as drive-by malware vectors. That is, if an Android device that isn’t fully patched visits one of these sites, malware will automatically and invisibly install itself on the device.
In this case, the malware is “NotCompatible,” a Trojan that poses as a system update but acts as a proxy redirect. The site checks the victim’s browser’s user-agent string to confirm that it is an Android visiting, then automatically installs the Trojan. Luckily, the number of dangerous sites is still quite low and none of them get much traffic but it does signal the start of a troubling trend.