NotCompatible Malware a Threat to Enterprise Mobile Users

NotCompatible.A, which researchers discovered in 2012, acted
as a proxy on infected devices, relaying other people's traffic through them, but it did not cause any direct damage. The
mobile malware's authors did not use a complex command and control (C&C)
architecture, and communications were not encrypted, making it easy for security
solutions to detect its activities.

New features in NotCompatible.C

The latest version of the threat, NotCompatible.C, is far
more complex. According to Lookout, the authors have made it more difficult to
detect and resilient to takedowns by implementing features usually found in
mature PC-based malware.
NotCompatible.C uses peer-to-peer (P2P) communications
between infected devices, which makes it resilient to IP and DNS blocking, and
it relies on multiple C&C servers that are geographically distributed,
which enables the malware to keep functioning even if law enforcement
authorities manage to shut down individual servers.

The malware's authors have also started encrypting all
C&C and proxied traffic, making it difficult for network security solutions
to identify the malicious traffic by inspecting its content. Furthermore, public key cryptography is used
for mutual authentication between C&C servers and clients.

In an effort to protect their infrastructure, the
cybercriminals use a gateway C&C to analyze incoming connections and block
those that come from IP addresses that are not trusted.
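Because both versions turn the phone into a proxy, and NotCompatible.C encrypts everything it relays, a defender cannot rely on payload signatures and has to look at connection metadata instead. The following is an added example, not code from Lookout or SecurityWeek: it reads constructed flow records (timestamp, source IP, destination IP, destination port) of the kind a firewall or NetFlow collector exports, and flags mobile devices whose outbound fan-out within a time window looks like traffic relaying rather than ordinary browsing. The thresholds and the log format are assumptions.

```python
"""Flag mobile devices whose outbound connection pattern looks like a proxy.

Added example (not code from Lookout or SecurityWeek). Assumptions: flow
records are whitespace-separated lines "ts src_ip dst_ip dst_port", and a
device that legitimately browses talks to a modest set of hosts, mostly on
80/443, while a device relaying someone else's traffic fans out to many
unrelated destinations and ports inside the same short window.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Flow:
    ts: int
    src: str
    dst: str
    dport: int


def parse_flow(line: str) -> Flow:
    """Parse one constructed flow record; raises ValueError on malformed input."""
    ts, src, dst, dport = line.split()
    return Flow(int(ts), src, dst, int(dport))


# Constructed sample log (documentation address ranges). 10.0.0.5 behaves like
# a normal phone; 10.0.0.9 behaves like a proxy relaying third-party traffic.
SAMPLE_LOG = "\n".join(
    # normal phone: four hosts over HTTPS within a few minutes
    [f"{1000 + i * 20} 10.0.0.5 203.0.113.{i % 4 + 1} 443" for i in range(8)]
    # proxy-like device: 25 distinct destinations across six ports, same span
    + [
        f"{1000 + i * 8} 10.0.0.9 198.51.100.{i + 1} "
        f"{[80, 443, 25, 8080, 1080, 5222][i % 6]}"
        for i in range(25)
    ]
)


def proxy_suspects(log: str, window: int = 300,
                   min_dst: int = 20, min_ports: int = 5) -> dict:
    """Return {src_ip: stats} for sources that, inside any single window of
    `window` seconds, reach at least `min_dst` distinct destinations on at
    least `min_ports` distinct ports. Thresholds are assumed starting points
    and should be tuned against the site's own baseline."""
    buckets = defaultdict(lambda: {"dst": set(), "ports": set()})
    for line in log.splitlines():
        if not line.strip():
            continue
        f = parse_flow(line)
        bucket = buckets[(f.src, f.ts // window)]
        bucket["dst"].add(f.dst)
        bucket["ports"].add(f.dport)

    suspects = {}
    for (src, _), bucket in buckets.items():
        n_dst, n_ports = len(bucket["dst"]), len(bucket["ports"])
        if n_dst >= min_dst and n_ports >= min_ports:
            stats = {"distinct_dst": n_dst, "distinct_ports": n_ports}
            # keep the busiest window per source for the alert
            if src not in suspects or n_dst > suspects[src]["distinct_dst"]:
                suspects[src] = stats
    return suspects


if __name__ == "__main__":
    for src, stats in proxy_suspects(SAMPLE_LOG).items():
        print(f"proxy-like behaviour from {src}: {stats}")
```

The heuristic deliberately ignores payload, so it works whether or not the relayed traffic is encrypted; the price is that ad-heavy apps or aggressive prefetching can raise the destination count, so the thresholds should be set from a baseline of the organisation's own mobile traffic before alerts are acted on.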

NotCompatible.C distribution and use

NotCompatible.C is distributed through spam campaigns and
compromised websites. The attackers are not leveraging any exploits, but
instead rely on social engineering to trick potential victims into installing
the threat on their mobile devices. One of the distribution campaigns observed
by Lookout used the classic "security update" ruse.

According to the security firm, the cybercriminals have
acquired compromised websites and accounts in bulk. In one of the spam runs
seen by researchers, only Yahoo accounts had been used. In a different
campaign, the attackers used only compromised AOL accounts.

These techniques have been successful. Lookout says its
solutions have blocked hundreds of thousands of infection attempts in the
United States and other countries around the world. In the U.S. for instance,
NotCompatible reached encounter rates of more than 1% at its peak, researchers

Read the full article at SecurityWeek.

Ehacking Staff
