NotCompatible Malware: A Threat to Enterprise Mobile Users


NotCompatible.A, which researchers discovered in 2012, acted
as a proxy on infected devices, but it didn’t cause any direct damage. The
mobile malware’s authors did not use a complex command and control (C&C)
architecture and communications were not encrypted, making it easy for security
solutions to detect its activities.

New features in NotCompatible.C

The latest version of the threat, NotCompatible.C, is far
more complex. According to Lookout, the authors have made it more difficult to
detect and more resilient to takedowns by implementing features usually found in
mature PC-based malware.

NotCompatible.C uses peer-to-peer (P2P) communications
between infected devices, which makes it resilient to IP and DNS blocking, and
it relies on multiple C&C servers that are geographically distributed,
which enables the malware to function properly even if law enforcement
authorities manage to shut down individual servers.

The malware’s authors have also started encrypting all
C&C and proxied traffic, making it difficult for network security solutions
to identify the malicious traffic. Furthermore, public key cryptography is used
for mutual authentication between C&C servers and clients.

In an effort to protect their infrastructure, the
cybercriminals use a gateway C&C to analyze incoming connections and block
those that come from IP addresses that are not trusted.

NotCompatible.C distribution and use

NotCompatible.C is distributed through spam campaigns and
compromised websites. The attackers are not leveraging any exploits, but
instead rely on social engineering to trick potential victims into installing
the threat on their mobile devices. One of the distribution campaigns observed
by Lookout used the classic “security update” ruse.

According to the security firm, the cybercriminals have
acquired compromised websites and accounts in bulk. In one of the spam runs
seen by researchers, only Yahoo accounts had been used. In a different
campaign, the attackers used only compromised AOL accounts.

These techniques have been successful. Lookout says its
solutions have blocked hundreds of thousands of infection attempts in the
United States and other countries around the world. In the U.S., for instance,
NotCompatible reached encounter rates of more than 1% at its peak, researchers
noted.

Read the full article at SecurityWeek
Ehacking Staff