Android malware infecting through 'legitimate websites'


Lookout Mobile Security identified an industry first this Wednesday, discovering a malicious software package specifically designed to download to Android phones from hacked websites.

The trojan, called NotCompatible, comes in the guise of an automatically downloaded update file (Update.apk), which requires user confirmation to install.

Ice Cream Frontier

Hacking is old news, but NotCompatible represents the inception of what could be a new wave of malicious software distribution via websites.

According to Mahaffey, "This is the first time that [hackers] have used legitimate websites to serve Android malware," though it's far from being the first downloadable, Android-specific trojan.

"We see Android malware all the time," added Mahaffey, "but it's usually served using social engineering."

And it's no surprise that hackers are turning their attention towards these devices. With the recently unveiled Samsung Galaxy S3 hitting markets later this month, the Android platform is poised to take 50 percent of the mobile market share.

Lookout is still investigating NotCompatible, but is using this attack to begin adapting to the changing landscape of mobile device vulnerabilities.

For now, Android phone manufacturers may only find solace in the timeless words of Notorious B.I.G., "Mo' money, mo problems."

Via PCWorld, Lookout Security
