'NotCompatible' Android malware now being spread through spam

Security firm Lookout reports that it has a seen a staggering increase in the number of NotCompatible detections this week. While not a new threat (it first appeared last May), the remote proxy malware has moved on from infecting Android devices through hacked websites and is now spreading via email spam.

Once installed, NotCompatible turns the infected phone into a proxy which is used to commit online fraud, such as through the purchase of concert tickets.

In the past five days alone Lookout says it has detected more than 70,000 infections, peaking at almost 20,000 detections per day between Sunday and Monday, with 95 percent of them located in the US.

The threat is currently being spread from hacked email accounts. It tricks unwary users into clicking a link on their phones which redirects the browser to an "Android Security site" that then attempts to download and install the malware. The emails to avoid mostly have the subject line "Hot News", although I received one from a friend’s hacked account yesterday that was headed simply "Hey!"

If you open the link on a computer or iOS device, as I did (in a controlled experiment), you’ll be taken to a fake Fox News article on weight loss.

To avoid becoming infected, just employ the same commonsense you would when opening an email on your computer. Don’t click any unfamiliar links and don’t open any downloaded files unless you know exactly what they are. You can of course install an antimalware tool on your mobile if you want to be extra safe.

Photo credit: Lookout