Skip to main content

Android malware threat rears its head again — and this time it means business

A malware threat first observed in 2012 has evolved and hijacked more than 4 million Android devices to send spam emails, buy event tickets in bulk and crack WordPress accounts. In its new and improved form, the threat is now putting enterprise networks at risk.

Mobile security firm Lookout first discovered NotCompatible in 2012 (variant “A”), when the malware disguised itself as a system update, which if downloaded turned the infected device into an attacker-controlled proxy. “We’ve seen increasingly sophisticated threats emerging – for the first time ever, we witnessed malware writers targeting the mobile Web via compromised or infected websites with the NotCompatible threat,” said Derek Halliday, senior product manager at Lookout, in an interview with Digital Trends back in August 2012.

Recommended Videos

Since then, Lookout has tracked the NotCompatible threat and is now reporting the emergence of NotCompatible.C, the newest iteration of the malware. What makes NotCompatible.C a bigger threat than the original version is its ability to infiltrate secure enterprise networks by way of infected devices.

“NotCompatible.C is ultimately a botnet-for-rent; though the server architecture, peer-to-peer communications, and encryption make it a much more formidable threat,” according to Lookout. In other words, the new version of NotCompatible makes it more difficult for network security systems to detect and block.

Spam email blasts and compromised websites are the delivery channels for the “drive-by-downloads” that infect devices with NotCompatible.C. The malware relies on the gullibility of Android users – for instance, including a link to an Android application package (APK) in an email about weight loss solutions.

The malware is costly for owners of infected Android phones. Not only does it use data that counts against a user’s carrier plan, it also drains a phone’s battery.

Lookout offers two strategies to protect against NotCompatible.C: use an advanced mobile security platform to detect the threat at device level and segment networks to limit the potential reach of an infected device. Lookout says its mobile app is able to defend Android devices from NotCompatible.C.

To read a more detailed analysis of the NotCompatible.C threat, read Lookout’s report.

Lookout’s report about NotCompatible.C is hardly alone in sounding the warning bell for Android users. According to online security firm F-Secure, 99 percent of mobile malware threats in Q1 2014 were designed to run on Android devices. Meanwhile, Cheetah Mobile, a company that makes mobile apps to clean, protect and optimize phones, recently reported that 9 percent of Android apps are fully or partially malware.

Jason Hahn
Former Contributor
Jason Hahn is a part-time freelance writer based in New Jersey. He earned his master's degree in journalism at Northwestern…
Android 16 put a digital bodyguard on my phone and you must enable it
Advanced Protection in Android 16.

Over the past couple of years, Android’s focus on user safety and device security has been pretty evident. The company has leveraged AI to build features that listen to calls and read messages in real-time and alert users if they are at risk of getting scammed. 

Similar guardrails have also been put in place for web browsing in Chrome, and a whole bunch of lost device portion protocols have been baked into the OS' core. A few of them have remained exclusive to Google’s Pixel phones (and some Samsung devices) so far, but with the release of Android 16, these benefits are now being extended to the entire platform.

Read more
Nothing Phone 3 is the firm’s biggest swing at Apple and Samsung yet
Is this the shot-in-the-arm the smartphone market desperately needs?
A person holding the Nothing Phone 2, with the lights active.

The Nothing Phone 3 will officially be available in the US, as the company looks to take on the likes of the iPhone 16, Samsung Galaxy S25 and Google Pixel 9 with a handset Nothing founder and CEO, Carl Pei, calls its "first true flagship smartphone".

Those looking for an alternative smartphone option this year will be able to pick up the Phone 3 from Amazon and Nothing's own website, reports TechCrunch.

Read more
This one iPadOS 26 feature has me excited for the iPhone Fold
Semi-open state of a foldable iPhone concept

Samsung is set to launch the seventh generation of its Galaxy Z Fold book-style folding phone this Summer, but its biggest rival is yet to show its folding phone hand. Apple has long been expected to unveil an iPhone Fold, and the latest rumors suggest that it will launch next year.

I’ve used almost every folding phone released globally, with some exceptions for extremely obscure ones. While I've always been curious what an iPhone Fold would look like, I was fairly certain that Apple shouldn't build it, as I wasn’t sure they could deliver on one necessary feature.

Read more