[WARNING] Hacked websites auto-downloading malware to Android devices

r314bd

Just saw a thread about this on reddit. Someone was browsing his local pest control company's website on his Android device and a split second after visiting the page, a download masquerading as an official update.apk started automatically. Apparently legitimate websites are now being unwittingly infected by this malicious code.

A rep from Lookout posted in the thread saying they just added the exploit ("NotCompatible") to their file system monitoring/install monitoring...but it was only added within the last couple hours so be warned that this stuff is popping up, and if you aren't using some sort of anti-virus software with download monitoring on your device, you probably should.

EDIT: Lookout just added a blog post about it on their website.
 

jntdroid

Thanks for sharing that!
 

JSM9872

Thanks for the heads up SGM.
 

Adam74

I had no idea. Thank you for the heads up!!
 

JeffDenver

Just an FYI...in order for this attack to work, your phone has to have "accept APKs from unknown sources" checked in your settings. This is something that is NOT checked by default, so unless you have deliberately enabled it, you are automatically immune to this attack.

In order to actually install the app to a device, it must have the “Unknown sources” setting enabled (this feature is commonly referred to as “sideloading”). If the device does not have the unknown sources setting enabled, the installation will be blocked.

The Official Lookout Blog | UPDATE: Security Alert: Hacked Websites Serve Suspicious Android Apps (NotCompatible)

From what I understand, even then you will still be prompted to install. It won't ninja install. I don't think any APKs can do that, even official ones. You don't need any security apps like Lookout installed. You can be immune to this attack using only native tools.
 

dolpns13

JeffDenver said:
Just an FYI...in order for this attack to work, your phone has to have "accept APKs from unknown sources" checked in your settings. This is something that is NOT checked by default, so unless you have deliberately enabled it, you are automatically immune to this attack.

From what I understand, even then you will still be prompted to install. It won't ninja install. I don't think any APKs can do that, even official ones. You don't need any security apps like Lookout installed. You can be immune to this attack using only native tools.

Where is this option in the settings?
 

rherron

No Amazon App Store without checking off to allow installation of non-Market applications.
 