Over the past two years, Lookout has tracked the evolution of NotCompatible. NotCompatible.C has set a new bar for mobile malware sophistication and operational complexity.
The New NotCompatible
1. THE NEW NOTCOMPATIBLE: A sophisticated mobile threat that puts protected networks at risk
2. Over the past two years, Lookout has tracked the evolution of NotCompatible.
2014: NotCompatible.C has set a new bar for mobile malware sophistication and operational complexity.
2013: Lookout finds NotCompatible variant "C" being spread through spam campaigns on hacked email accounts.
2012: One of the first times that hacked websites were used to specifically target and infect mobile devices.
3. The command infrastructure and communication perseveres and self-protects through redundancy and encryption, making it elusive and enduring.
4. The technological evolution of NotCompatible has turned a once compelling piece of malware into one of the longest-running known mobile botnets we’ve seen to date.
5. It’s a prime example of how mobile malware complexity is advancing and is borrowing technical tactics already seen in PC malware.
6. NotCompatible is used as a proxy to run spam campaigns, scalp concert tickets, search the Internet for vulnerabilities, and more.
7. While NotCompatible.A was relatively simplistic architecturally, NotCompatible.C is a changed beast in terms of the technological concepts it uses to stay alive.
8. NOTABLE ATTRIBUTES
Resiliency / Resistance to Detection / Self-Protection
This threat features impressive new technical attributes compared to earlier variants – attributes that, in combination, Lookout has never before observed in a mobile threat.
9. NOTABLE ATTRIBUTES
Resiliency / Resistance to Detection / Self-Protection
NotCompatible.C is resilient to network-based blocking because it uses a peer-to-peer protocol and has multiple, geographically distributed Command and Control (C2) servers. The geo-distribution of its C2 servers allows the malware to function even if law enforcement is able to take down individual servers. Peer-to-peer protocols make the malware resilient to IP- and DNS-based blocking by enabling infected devices to receive commands by proxy via other infected devices.
10. NOTABLE ATTRIBUTES
Resiliency / Resistance to Detection / Self-Protection
NotCompatible.C encrypts all C2 and proxied data traffic end-to-end while also performing mutual authentication between clients and C2 servers via public key cryptography. This protocol-level encryption can prevent network security systems from being able to differentiate malicious traffic from legitimate traffic.
11. NOTABLE ATTRIBUTES
Resiliency / Resistance to Detection / Self-Protection
NotCompatible.C uses a Gateway C2 to analyze incoming connections and likely prevents active probing of the various Operational C2s by blocking connections from non-approved IP addresses.
12. Our investigation shows the possibility that a threat like this could expand to assist in attacks on corporate networks, a risk that should not be ignored.
13. PROTECTION STRATEGIES
Implement mobile threat protection / Segment the network
Mobile devices typically operate outside the traditional perimeter and beyond the reach of network-based security solutions. An advanced mobile security platform allows organizations to monitor for and protect against suspicious activity on their mobile devices, block identified threats and assess the overall health of their mobile ecosystem. Next-generation threats such as NotCompatible.C can provide access to protected networks and facilitate the exfiltration of data in a way that most enterprises are not prepared to defend against. By detecting this threat at the device level, it is possible to block and prevent installation before an attacker can perform any hostile activity.
14. PROTECTION STRATEGIES
Implement mobile threat protection / Segment the network
All mobile devices used in protected environments — especially those able to connect to external unmanaged networks — should be limited to an isolated network segment with strong controls limiting access to sensitive resources and analytics to detect potentially malicious behavior.
15. Lookout has thus far actively protected against NotCompatible on hundreds of thousands of devices in the U.S. and around the world.
16. To learn more about NotCompatible, read our report or check out our blog.