How Drive-By Malware Works On Android

Drive-by downloads have long been a niggling threat for desktop computer users. Now they're potentially an issue for Android mobile owners as well.

A quick refresher: a drive-by download is malware that installs itself when you visit a specific web site. In some cases, the malware will exploit vulnerabilities in your browser or OS to install without you even being aware. More commonly, a download/installation dialog will appear, but will masquerade as something else, causing unwitting users to install it anyway.

McAfee's most recent threats report highlights a number of new threats on Android. Android remains far and away the most commonly targeted platform for malware developers (a result of its relatively open architecture and massive popularity). One recent malware variant for Android is specifically designed as a drive-by download:

Drive-by downloads arrived for Android this quarter with Android/NotCompatible.A. Similar to drive-by installs on the PC—simply visiting a site infects your computer—mobile drive-by downloads drop malware on your phone when you visit a site. A victim still needs to install the downloaded malware, but when an attacker names the file Android System Update 4.0.apk, most suspicions vanish.

At least this variant doesn't automatically install itself (a difficult task in the Android environment), but naming the update to suggest it will offer Ice Cream Sandwich (Android 4.0) is a clever trick. Always be suspicious of any updates that present themselves while you're browsing on a phone.

Whether you're on a mobile device or a desktop, good security practices (running security software, not clicking on unknown email links, and not installing software without careful consideration) are the best way to avoid these sorts of threats.

McAfee


Comments

    Don't you need to explicitly enable installation of applications from non-Market sources before you'd be vulnerable to this sort of thing?

      Yes you do. If like most Lifehacker users you have Avast or Lookout installed I expect they'll catch these too. I guess this is just McAfee trying to catch up in the mobile space by doing some self advertising.

      Personally I recently switched from Lookout to Avast. From what I've seen, Avast does everything Lookout did only better and free.

    What was this going to do? Just a bit more advertising floating around? Or some serious crap?

    What proportion of people have "allow installation of applications from non-Market sources" enabled? Since that's not the default I'd suggest this drive-by thing isn't a problem for very many people, if any at all... Sounds like a theoretical scary story created by McAfee, who make terrible AV by the way (for PC). It's seriously uninformative, memory hogging and un-user-friendly slow rubbish. Worst I have ever used.

    Can someone please confirm for me - if you only download apps from Google Play, the apps have been checked and you are safe?

      Dirty, that's the safest option - but as with everything there are no guarantees - people are constantly changing their malware to try to make it bypass the checks in place at Apple and Google.

      It also helps to keep an eye on the other signals like whether the app is a 'Staff pick', 'Editors Choice', 'Top developer' or has been downloaded by a lot of people.
