New Android Mobile Menace One Of The Most Sophisticated Yet



NotCompatible, an Android menace being tracked by security researchers at mobile security specialist Lookout, has evolved into a threat comparable to PC malware and increased its resilience to network-based detection and blocking at enterprises, the company said in a new paper outlining the dangerous mobile threat.

Tim Strazzere, a security engineer at San Francisco-based Lookout, said the threat grew from a simple proxy on infected devices in 2012 into an increasingly complex malware variant. The criminals behind the threat have established a business, renting out the botnet of infected devices to other attackers.

Strazzere and other Lookout researchers uncovered spam campaigns conducted by compromising webmail accounts, and a bulk-ticket-purchasing scheme that bypassed antifraud mechanisms at Ticketmaster, Live Nation, StubHub and other ticket-purchasing services. The attackers also conducted a brute-force attack campaign to gain access to WordPress content management system administrator accounts.


"NotCompatible.C possesses unique and impressive technical sophistication in the world of mobile malware," Strazzere said of the malware's latest iteration in the report. "Its resiliency, resistance to network-based detection, and self-protection features make it a potent threat in the hands of an attacker."

There have been no other mobile botnets as sophisticated as NotCompatible, Strazzere said. NotCompatible is capable of encrypting communications and uses a peer-to-peer communication mechanism to strengthen its resiliency to detection. The attackers have built out a global command and control infrastructure tied to drive-by-download attack campaigns that attempt to trick victims into downloading the malware onto their device, Strazzere said.

Lookout is trying to make the case that organizations need to be proactive about mobile malware and malicious applications, but a report produced by the company last year found that the rate of encountering threats is extremely low in the U.S. Android malware in the form of text-messaging (SMS) Trojans has been widely detected infecting mobile devices in Eastern Europe, Russia and Asia. Last year, Lookout documented Russian-based criminal groups behind some Android mobile threats. Free mobile applications containing aggressive adware are often labeled a malware threat by security vendors, but IT security pros and chief information security officers are more concerned about the potential of data leakage, and lost and stolen devices.

Lookout has built up a base of more than 50 million customers that install its mobile security application on Apple iOS and Android devices. The company has struck deals with T-Mobile, AT&T, Deutsche Telekom and Orange to get its app on users' mobile devices. Solution providers tell CRN that the message about mobile security threats has been drowned out by high-profile data breaches in the retail industry and the continued onslaught of targeted cyberespionage attack campaigns. Lookout is readying a mobile platform for enterprises and hired two industry veterans to engage the channel as part of its go-to-market strategy.

Aaron Cockerill was named Lookout's vice president of enterprise product. Cockerill served as vice president of mobile security technologies at Citrix Systems and oversaw mobile engineering and product teams that built out the XenMobile platform. David Helfer, a Juniper Networks veteran, was named Lookout's vice president of worldwide channel development.

In an interview with CRN, Helfer said he is building the channel organization from scratch and hopes to attract a handful of regional security consultancies to partner with Lookout.

Lookout's enterprise platform is expected to ship in the first half of next year. The SaaS-based mobile security platform will differentiate itself by focusing on identifying mobile malware and alerting incident responders to the risks posed by malicious applications. It also will rely on Lookout's ability to conduct static and dynamic testing on mobile apps and enable IT administrators to set security restrictions based on employee roles within the organization.

Lookout is signing agreements with a number of systems integrators in the U.S. but plans to grow the partner base slowly, adding about 24 partners globally in 2015, according to Helfer.

PUBLISHED NOV. 19, 2014
