OPS Technical SolutionsWelcome
Lookout Mobile Security, a security company, has discovered an Android ‘drive-by’ malware that is used to infect Windows computer systems. Discovered on a number of websites, the odd Trojan is distributed using a webpage containing a hidden iFrame.
Any Android browser visiting an affected page (the attack ignores PC browsers) will automatically start downloading the malware without the user being aware what has happened. The malware is not quite a PC drive-by attack because the app needs to be installed by the user. It relies on the user having ticked the ‘Unknown Sources’ box, which is in most cases unchecked.
The rough equivalent of this layer on a Windows Vista or Windows 7 PC would be the User Access Control (UAC) which is usually circumvented using social engineering or by misrepresenting the nature of the application.
The purpose of the infection is a bit of a mystery. “This specific sample, while relatively well constructed, does not appear to go to great lengths to hide its intended purpose: it can be used to access private networks,” commented Lookout Mobile Security in its blog post.