The NotCompatible Android Trojan identified a few days ago by Lookout is apparently used by cybercriminals to make fraudulent purchases via the devices they infect.
The researchers note that the Trojan still only acts as a proxy, allowing its masterminds to use it with the purpose of making their transactions legitimate-looking. However, this functionality seems to be enough for them to commit crimes.
The experts have found that the cybercrooks are using the infected phones to purchase various items on online shops such as the Apple App Store and Ticketmaster.
“Because legitimate sites often use the source of network data as a way to detect fraud, bad guys try to hide where they are coming from. NotCompatible allows them to engage in fraud, while making their network traffic look like it is coming from legitimate mobile devices all around the world,” they explained.
Fortunately, for the time being, the malware doesn’t seem to target specific organizations and it hasn’t been updated to compromise data on the affected device.