Remember how nasty those computer viruses could be when they d scramble up your screen and shut down your desktop?
And remember how comforting it was to start using these very safe and virus-protected smartphones without worrying that our ever-ready, hand-held tools could ever be compromised?
Well, you can start worrying now.
According to a post in the New York Times Bits section, researchers have discovered a malevolent assault on Android users all over the United States:
A particularly nasty mobile malware campaign targeting Android users has hit between four million and 4.5 million Americans since January of 2013, according to an estimate by Lookout, a San Francisco mobile security company that has been tracking the malware for about two years.
Lookout first encountered the mobile malware, called NotCompatible, two years ago and has since seen increasingly sophisticated versions. Lookout said it believes, based on attempted infections of its user base of 50 million, that the total number of people who have encountered the malware in the United States exceeds four million.
Lookout says the bad guys pose as Trojan horses, infiltrating our devices by first planting nasty bugs in various websites. When the unsuspecting smartphone user drops by one of those sites, they unsuspectingly download the stuff.
Lookout has a great name for this mischief: They call it a drive-by download.
In other cases, the attackers sent spam from hijacked email accounts to their victims. That technique, Lookout s researchers say, successfully caused more than 20,000 infections a day. More recently, researchers say, attackers have been tricking their victims into installing the malicious code by disguising it as a security patch in an email attachment. In others, spam emails advertised weight loss solutions with a link that served up malware to Android users.
The danger posed is very real:
Lookout says the malware, now on its third iteration, allows infected devices to search for and communicate with other infected machines and share intelligence. Attackers also have found a way to encrypt communications between their command and control center and infected devices, which makes it more difficult to detect and decipher.
So what s an Android user to do? Luckily, Lookout has an answer:
As with most malware discoveries, Lookout, the company sounding the alarm, has a stake in raising concerns about the security of mobile devices. Its mobile security application, which is available for both Apple s iOS and Android-powered smartphones, is able to identify the NotCompatible malware and keep it from infecting Android devices that have downloaded the Lookout app.
Credit: AFP/Getty Images
