Creating an Android malware application can be quite easy, even for a beginner in software development. Take an existing application, disassemble it with the freely available tools found online, change the code, repackage it and upload it onto a third-party application store. Voila! You have malware (depending on what the code you changed actually requests, of course).
Despite the large number of such simple applications, from time to time a "master" appears that can compete with even the most sophisticated Windows malware. A recent post from the anti-virus company Lookout revealed details about the most sophisticated Android malware known so far.
The NotCompatible "Master"
Lookout recently published its list of the top four Android malware families, followed shortly by a quite detailed report on this one. It is called NotCompatible, and below we offer some insight into what exactly it does.
The Lookout researchers have been following NotCompatible for more than two years now. This is a very long time for malware to survive, even for a sophisticated one.
"Because of its sophistication, NotCompatible has become the longest running mobile botnet we've ever observed, in operation since 2012. Take, for comparison, another mobile botnet we found in 2012 called SpamSoldier. It infected phones for the purpose of sending spam SMS messages without the user's consent. However, because it didn't have the same technological maturity, we were able to work with carriers and had the botnet taken down within weeks," the post says.
NotCompatible is malware for rent, Lookout researchers state. It is lent to spammers for their latest spam campaigns, to ticket scalpers so they can buy tickets online in bulk, and to hackers to breach websites. The malware appears to be a multi-functional tool.
How NotCompatible Works
The malware consists of two main parts. One is the code that infects devices; the other is the command and control (C2) server infrastructure. If defenders take down the servers and isolate the infected devices, they can in theory remove any malware. This does not look that easy with NotCompatible, though.
To begin with, it has been found using at least ten different gateway command and control servers. This makes it quite hard to take them all down at once.
"NotCompatible.C, however, employs a two-tiered server architecture. The gateway command and control (C2) server uses a load balancing approach, in which infected devices from different IP address regions are filtered and segmented geographically, and only authenticated clients are allowed to connect. Not only does this model bring client usage efficiency, our research suggests that it also aids in avoidance of discovery. We suspect that the gateway C2 makes it difficult for behavioral analysis systems and researchers to pick up on traffic," Lookout researchers say.
NotCompatible takes advantage of Android vulnerabilities. For example, it tricks victims into installing what appear to be security patches, and by doing so they infect themselves with the malware. Clever!
The full text of the Lookout report describes exactly how NotCompatible works. It controls the victims' communications and can operate inside protected networks as well. According to the company's researchers, the botnet may already have infected quite a lot of corporate networks.
Protect Your Android Device
To protect your Android device from this malware you need to be extremely alert. Do not click on random links in suspicious-looking email messages, and stick to downloading applications only from the Google Play Store or another official application store. Although these are not perfect either, they are much safer than third-party online stores.
The other thing you can do is protect your device with a security tool made for Android devices.