A notorious Android Trojan program used to operate a long-running mobile botnet has been updated and could now pose a threat to corporate networks.
The malware has previously been used to send spam messages and make bulk ticket purchases, but is now capable of using infected devices as proxies meaning businesses could become a target.
The threat is known as NotCompatible and was originally discovered back in 2012. Users visiting compromised websites would automatically begin downloading a malicious Android application package (APK) file, which would then be installed if users accept software from “unknown sources.”
Security firm Lookout has discovered that the malware’s command-and-control (C&C) infrastructure has improved significantly since it launched. The new version of the Trojan, NotCompatible.C, now encrypts its transmissions, making it appear part of legitimate SSH, SSL or VPN traffic. It is also able to form a peer-to-peer network with other infected devices, should the C&C servers be inaccessible.
In a blog post, the Lookout team explained how cybercriminals were evolving to target a mobile-dominated landscape.
“In NotCompatible.C we see technological innovation in a mobile malware system that reaches the levels more traditionally displayed by PC-based cybercriminals," they said.
Lookout analysts also believe the botnet will ultimately be rented to cybercriminals to carry out various illegal activities. In particular, corporate networks could be targeted using the NotCompatible proxy, giving attackers access to sensitive data.
"We believe that NotCompatible is already present on many corporate networks because we have observed, via Lookout's user base, hundreds of corporate networks with devices that have encountered NotCompatible," the firm explained.