Not Compatible Malware a threat to Mobile users of Enterprises


NotCompatible.A, which researchers discovered in 2012, acted
as a proxy on infected devices, but it didn’t cause any direct damage. The
mobile malware’s authors did not use a complex command and control (C&C)
architecture and communications were not encrypted, making it easy for security
solutions to detect its activities.

New features in NotCompatible.C

The latest version of the threat, NotCompatible.C, is far
more complex. According to Lookout, the authors have made it more difficult to
detect and resilient to takedowns by implementing features usually found in
mature PC-based malware.
Not Compatable C. uses peer-to-peer (P2P) communications
between infected devices, which makes it resilient to IP and DNS blocking, and
it relies on multiple C&C servers that are geographically distributed,
which enables the malware to function properly even if law enforcement
authorities manage to shut down individual servers.
The malware’s authors have also started encrypting all
C&C and proxied traffic, making it difficult for network security solutions
to identify the malicious traffic. Furthermore, public key cryptography is used
for mutual authentication between C&C servers and clients.
In an effort to protect their infrastructure, the
cybercriminals use a gateway C&C to analyze incoming connections, and block
those that come from IP addresses that are not trusted.
NotCompatible.C distribution and use
NotCompatible.C is distributed through spam campaigns and
compromised websites. The attackers are not leveraging any exploits, but
instead rely on social engineering to trick potential victims into installing
the threat on their mobile devicese. One of the distribution campaigns observed
by Lookout used the classic “security update” ruse.
According to the security firm, the cybercriminals have
acquired compromised websites and accounts in bulk. In one of the spam runs
seen by researchers, only Yahoo accounts had been used. In a different
campaign, the attackers used only compromised AOL accounts.
These techniques have been successful. Lookout says its
solutions have blocked hundreds of thousands of infection attempts in the
United States and other countries around the world. In the U.S. for instance,
NotCompatible reached encounter rates of more than 1% at its peak, researchers
noted.
Read full Article at securityweek
Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

Top 5 Techniques Hackers Use to hack Social Media Accounts

These days, Social Media have become a significant need in our everyday life. It encourages us to associate and connect with anyone over the...

5 Top Programming Languages for Hacking

We live in the 21st century, which is very fast-changing. This is a century of competition for information and computing resources. Every year the...

OSINT Tutorial to Track An Aircraft And Flight Information In Real-Time

No doubt Internet is said to be the world's largest repository of data and information. It contains an enormous amount of data related to...

Preventing SQL Injection in PHP Applications

SQL injection is one of the most common cybersecurity threats and as the name suggests, it is a form of injection attack. Injection attacks, on...