According to a November 20th post in the New York Times Bits blog, Android phone users need to be protecting themselves from a sophisticated class of malware called NotCompatible. This malware has been on the loose for a couple of years, and is installed either as a drive-by downloaded from an infected web page, or more recently as a “security patch” delivered as an email attachment.
The goal of the malware distributors is to plant a Trojan horse which allows remote control, and join the affected phones into a botnet, for sending spam or ordering large blocks of tickets from Ticketmaster. The danger to Android phone users comes in the loss of personal information, photos, and passwords that may be stored on the phone for things such as WordPress, Facebook, and email accounts. Also, Android users would be responsible for any data plan overage charges.
The solution is fairly straightforward – install an Android security app, just as you would on your laptop or desktop computer. The website Digital Trends has an article that compares the top 5 apps from a recent analysis done by independent testing lab AV-TEST.
According to AV-TEST, the most secure products are from:
- Cheetah Mobile
- 360 Mobile
My advice is pick something from the list and install it today. And iPhone users – you need to do something as well, because Apple products are just as vulnerable to exploits such as this one. Many of the software companies mentioned above have iPhone apps available.
For more information:
- NY Times – Malicious Software Said to Spread to Android Phones
- Silicon Beat – Android Users Beware
- Digital Trends – Top 5 Android Security Apps
- AV-TEST – November 2014 Android Apps Comparison
About the Author:I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com