Drive-by downloads have long been a niggling threat for desktop computer users. Now they’re potentially an issue for Android mobile owners as well.
A quick refresher: a drive-by download is malware that installs itself when you visit a specific web site. In some cases, the malware will exploit vulnerabilities in your browser or OS to install without you even being aware. More commonly, a download/installation dialog will appear, but will masquerade as something else, causing unwitting users to install it anyway.
McAfee’s most recent threats report highlights a number of new threats on Android. Android remains far and away the most commonly targeted platform for malware developers (a result of its relatively open architecture and massive popularity). One recent malware variant for Android is specifically designed as a drive-by download:
“Drive-by downloads arrived for Android this quarter with Android/NotCompatible.A. Similar to drive-by installs on the PC—simply visiting a site infects your computer—mobile drive-by downloads drop malware on your phone when you visit a site. A victim still needs to install the downloaded malware, but when an attacker names the file Android System Update 4.0.apk, most suspicions vanish.”
At least this variant doesn’t automatically install itself (a difficult task in the Android environment), but naming the update to suggest it will offer Ice Cream Sandwich (Android 4.0) is a clever trick. Always be suspicious of any updates that present themselves while you’re browsing on a phone.
Whether you’re on a mobile device or a desktop, good security practices (running security software, not clicking on unknown email links, and not installing software without careful consideration) are the best way to avoid these sorts of threats.