THE NEW NOTCOMPATIBLE: A sophisticated mobile threat that puts protected networks at risk
Over the past two years, Lookout has tracked the evolution of NotCompatible.
2014: NotCompatible.C has set a new bar for mobile malware sophistication and operational complexity.
2013: Lookout finds NotCompatible variant "C" being spread through spam campaigns on hacked email accounts.
2012: One of the first times that hacked websites were used to specifically target and infect mobile devices.
The command infrastructure and communication perseveres and self-protects through redundancy and encryption, making it elusive and enduring.
The technological evolution of NotCompatible has turned a once-compelling piece of malware into one of the longest-running mobile botnets we’ve seen to date.
It’s a prime example of how mobile malware complexity is advancing and is borrowing technical tactics already seen in PC malware.
NotCompatible is used as a proxy to run spam campaigns, scalp concert tickets, search the Internet for vulnerabilities, and more.
While NotCompatible.A was relatively simplistic architecturally, NotCompatible.C is a changed beast in terms of the technological concepts it uses to stay alive.
This threat features impressive new technical attributes compared to earlier variants – attributes that, in combination, Lookout has never before observed in a mobile threat.
NOTABLE ATTRIBUTES: Resiliency, Resistance to Detection, Self-Protection
NotCompatible.C is resilient to network-based blocking because it uses a peer-to-peer protocol and has multiple, geographically distributed Command and Control (C2) servers. The geo-distribution of its C2 servers allows the malware to function even if law enforcement is able to take down individual servers. Peer-to-peer protocols make the malware resilient to IP- and DNS-based blocking by enabling infected devices to receive commands by proxy via other infected devices.
NotCompatible.C encrypts all C2 and proxied data traffic end-to-end while also performing mutual authentication between clients and C2 servers via public key cryptography. This protocol-level encryption can prevent network security systems from being able to differentiate malicious traffic from legitimate traffic.
NotCompatible.C uses a Gateway C2 to analyze incoming connections and likely prevents active probing of the various Operational C2s by blocking connections from non-approved IP addresses.
Our investigation shows the possibility that a threat like this could expand to assist in attacks on corporate networks, a risk that should not be ignored.
PROTECTION STRATEGIES: Implement mobile threat protection, Segment the network
Mobile devices typically operate outside the traditional perimeter and beyond the reach of network-based security solutions. An advanced mobile security platform allows organizations to monitor for and protect against suspicious activity on their mobile devices, block identified threats and assess the overall health of their mobile ecosystem. Next generation threats such as NotCompatible.C can provide access to protected networks and facilitate the exfiltration of data in a way that most enterprises are not prepared to defend against. By detecting this threat at the device level, it is possible to block and prevent installation before an attacker can perform any hostile activity.
All mobile devices used in protected environments — especially those able to connect to external unmanaged networks — should be limited to an isolated network segment with strong controls limiting access to sensitive resources and analytics to detect potentially malicious behavior.
Lookout has thus far actively protected against NotCompatible on hundreds of thousands of devices in the U.S. and around the world.
To learn more about NotCompatible, read our report or check out our blog.
For more mobile security information, follow