Researchers at San Francisco-based mobile security company Lookout have uncovered malware that allows attackers to infiltrate secure enterprise networks via compromised Android devices. Dubbed NotCompatible.C, the malware is an evolved version of an existing Trojan called NotCompatible that was first discovered two years ago.
The report notes that NotCompatible.C operators do not use any known exploits; instead, they rely on social engineering tactics to trick victims into completing installation of the malware. For example, they send spam emails informing users that they need to install a “security patch” in order to view an attached file, or emails advertising weight loss solutions with a link.
The malware gives attackers an opportunity to infiltrate protected networks by allowing them to access any network a mobile device is connected to, including corporate Wi-Fi and VPNs. It is resilient to network-based blocking, as it uses a P2P protocol and has multiple, geographically distributed Command and Control (C2) servers. It also offers protocol-level encryption, which can prevent network security systems from differentiating malicious traffic from legitimate traffic.
"NotCompatible.C has set a new bar for mobile malware sophistication and operational complexity," the company said in a blog post. "This malware is a prime example of how mobile malware complexity is advancing and is borrowing technical tactics already seen in PC malware."
Researchers say the attackers' goal is to create an army of infected devices that can be used for various malicious activities, including spam campaigns, brute-force attacks, and more.