Symantec has observed a new Android malware threat being distributed by a handful of infected websites. Full details on this threat, detected by Symantec as Android.Notcompatible, can be found here: http://www.symantec.com/connect/blogs/website-injection-campaign-used-conjunction-android-trojan.
When a user visits an infected site, this Trojan is automatically downloaded to their device. Unlike a traditional drive-by download, however, the user must still manually agree to install this threat. Therefore, it has been disguised as a device security update. The threat then allows its creator to reroute data traffic from an infected device to a third-party destination.
This threat highlights how mobile malware authors are moving beyond traditional “smash-and-grab” activities, such as premium SMS scams, and towards more sophisticated assaults, such as theft of sensitive information.