
'Sophisticated' Android malware hits phones - alexbash
http://www.bbc.com/news/technology-30143283
======
ufmace
I noticed this has the smell of press-release-as-a-news-report, with Lookout
being an Android security company, and them being pretty much the only source
in the article. Makes me a little skeptical on how big of an issue this really
is. I wonder if there are any solid estimates on what percent of devices are in
these phone botnets, and in what regions.

I would be interested in knowing more about how they actually compromise
individual devices, but the article, and the linked Lookout blog post, seem
light on those details.

------
zxcdw
Hmm.

> Mobile security firm Lookout said the bug, called NotCompatible, was the
> most sophisticated it had seen.

> The cyberthieves behind the bug had recently rewritten its core code to make
> it harder to defeat, it said.

> The bug first appeared in 2012 and was now on its third iteration

Am I misinterpreting this, or is it common to refer to malware as "bug"? What
a nice source of confusion for a programmer! It almost seems as if it is done
on purpose to coin a new term.

~~~
Someone1234
I assume they're using the other definition of the term "bug" as in "you
caught the cold bug." It might be local (UK specific) slang though that
catching a "bug" is akin to catching a disease or virus.

~~~
gadders
Never heard of that.

Regards,

A Brit.

~~~
nilliams
Well ... it _is_ pretty commonly used in the UK to mean disease/virus etc.
such as 'a stomach bug', but I still don't think that excuses or explains its
usage in this article. To me that just reads like a poor use of technical
terminology.

But yeah as another commenter noted this article is aimed at a non-technical
audience.

------
exo762
https://blog.lookout.com/blog/2014/11/19/notcompatible/

This blog post delivers both technical details AND better writing.

------
gadders
Not sure if it's related, but when browsing sites on my phone I have noticed a
lot of ads on websites that redirect you either to a page with an Android
download on it, or to a specific game in the Play store. You leave the page
you wanted to look at entirely.

~~~
flyinghamster
I've gone to Firefox+AdBlockPlus on my Android phones, after getting one too
many Play Store popups. It makes browsing a lot less aggravating. No, I don't
want to play Candy Crush.

On PCs, I prefer using NoScript instead, but NoScript could get kind of
bothersome on a phone.

~~~
wernercd
"Do you want to install our Android app?" ugh. If I did, I'd be LOOKING YOU UP
IN PLAY!

Probably the most frustrating thing. Rooted phone, with adblock installed,
using Chrome.

------
cgtyoder
Are there any current methods of detection? What about this warning of "any
app that required a security update to be installed before it was run" - what
is that going to look like? A standard Android warning/request dialog?

~~~
vetinari
> A standard Android warning/request dialog?

No, Android does not have a standard dialog that requests to make security
updates.

There is a notification/activity that alerts you when a system update is
available.

In some rare cases, there may be a message box telling you that Google Play
Services needs to be updated (and after tapping OK, it opens the Play Store for
you).

What the article describes is more like drive-by-installation malware. You
need to enable unknown app sources (and acknowledge the warning dialog), as
well as verify apps. Then you need to download the APK and install it.

To make a comparison with PCs, it is similar to some random web site persuading
you to download a random binary and run it as root.

~~~
dmix
> No, Android does not have a standard dialog that requests to make security
> updates.

OTA updates are in all modern Android devices and it does ask you to update
when new versions come out. They aren't security patches necessarily or
communicated that way though; they are OS updates that reflash your phone.

------
jgh
Maybe it's the jet lag talking but it seems like the tenses are all messed up
in this article, for example "was now" is used in places where they're
speaking about the present status of the malware.

------
tjbiddle
Hm, I don't see any reference to an exploit that's being used. What versions
of Android does this affect? It says 2012, so this could very well have been
eradicated.

~~~
kllrnohj
The exploit is social engineering:

"NotCompatible is being spread via spam and websites seeded with booby-trapped
downloads"

