NotCompatible Malware: A Threat to Enterprise Mobile Users

NotCompatible.A, which researchers discovered in 2012, acted
as a proxy on infected devices, but it didn’t cause any direct damage. The
mobile malware’s authors did not use a complex command and control (C&C)
architecture and communications were not encrypted, making it easy for security
solutions to detect its activities.

New features in NotCompatible.C

The latest version of the threat, NotCompatible.C, is far
more complex. According to Lookout, the authors have made it more difficult to
detect and resilient to takedowns by implementing features usually found in
mature PC-based malware.

NotCompatible.C uses peer-to-peer (P2P) communications
between infected devices, which makes it resilient to IP and DNS blocking, and
it relies on multiple C&C servers that are geographically distributed,
which enables the malware to function properly even if law enforcement
authorities manage to shut down individual servers.

The malware’s authors have also started encrypting all
C&C and proxied traffic, making it difficult for network security solutions
to identify the malicious traffic. Furthermore, public key cryptography is used
for mutual authentication between C&C servers and clients.

In an effort to protect their infrastructure, the
cybercriminals use a gateway C&C to analyze incoming connections, and block
those that come from IP addresses that are not trusted.

NotCompatible.C distribution and use

NotCompatible.C is distributed through spam campaigns and
compromised websites. The attackers are not leveraging any exploits, but
instead rely on social engineering to trick potential victims into installing
the threat on their mobile devices. One of the distribution campaigns observed
by Lookout used the classic “security update” ruse.

According to the security firm, the cybercriminals have
acquired compromised websites and accounts in bulk. In one of the spam runs
seen by researchers, only Yahoo accounts had been used. In a different
campaign, the attackers used only compromised AOL accounts.

These techniques have been successful. Lookout says its
solutions have blocked hundreds of thousands of infection attempts in the
United States and other countries around the world. In the U.S. for instance,
NotCompatible reached encounter rates of more than 1% at its peak, researchers

Read full article at SecurityWeek

Ehacking Staff