Long-Running Android Botnet Evolves, Could Pose Threat to Corporate Networks
Lookout warns of new mods to an old Trojan.
A newly found version of the Trojan program, called NotCompatible.C, encrypts its communications with the C&C servers, making the traffic indistinguishable from legitimate SSL, SSH or VPN traffic, the Lookout security researchers said Wednesday in a blog post. The malware can also communicate with other infected devices directly, forming a peer-to-peer network that offers powerful redundancy in case the main C&C servers are shut down.
The attackers are using load balancing and geolocation techniques on the infrastructure side so that infected devices are redirected to one of more than 10 separate servers located across Sweden, Poland, the Netherlands, the U.K., and the U.S.
“In NotCompatible.C we see technological innovation in a mobile malware system that reaches the levels more traditionally displayed by PC-based cybercriminals,” the Lookout researchers said.