Most malware attacks on Android phones only last a couple of weeks. But, security experts have wrangled with the sophisticated malware NotCompatible for over two years. It’s been used to hijack over 4 million phones.
The malware disguises itself as a system update. Once downloaded, it turns a user’s phone into an attacker-controlled drone. The processing power is being rented out by the hackers to cyber attackers who use it to send spam, launch brute force attacks on websites and to bulk buy event tickets for scalpers.
What makes NotCompatible most unusual is its sophistication. “The group behind NotCompatible are operating on a different plane to the typical mobile malware maker,” security analyst Jeremy Linden told the BBC.
The most recent version of the virus uses peer-to-peer networking and strong encryption to make it difficult to detect and to remove. But, there are still ways that you can protect your phone from this malware:
- Only download updates from Settings>Software Updates. This can ensure that you are downloading the real deal
- Turn off downloading from unknown sources
- Do not click on links in text messages urging you to update
- Cancel any pop-up that says there is an update available – these are often from hacked websites
To protect yourself from malware in general, avoid reusing passwords on more than one site. About 70% of Android users reuse passwords, making their other applications vulnerable if one is compromised. By using common sense and caution, you can keep your phone secure and avoid malware that can exploit your personal information and your phone’s processing power and bandwidth.