Hacked websites are usually believed to be the main source of malware infection, but recent research has proved that spam sent from compromised email accounts also contributes to the spread of infection. Spam sent from compromised accounts is difficult to filter because the sender is not only legitimate but also a regular correspondent of the recipient. Furthermore, the contents of these emails are little more than a link to a URL hosted on a legitimate, but compromised, website.
When such a link is opened in a regular browser, it sends the user to a website advertising a health-related product. If a user intentionally or accidentally opens this ad on an Android device, it downloads a variant of the ‘NotCompatible’ Trojan.
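Because sender reputation does not help against mail from a known correspondent, a filter has to look at the shape of the message instead. The following is an added example, not code from the research described here: it flags messages whose body is little more than a link. The word threshold `MAX_EXTRA_WORDS`, the function names and the sample messages (with placeholder `.example` domains) are assumptions made for illustration.

```python
import re
from email import message_from_string

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
TAG_RE = re.compile(r"<[^>]+>")
MAX_EXTRA_WORDS = 5  # assumed cut-off for "little more than a link"


def body_text(msg):
    """Decoded text/plain body if present, otherwise the text/html body."""
    html = ""
    for part in msg.walk():
        if part.is_multipart() or part.get_filename():
            continue  # skip containers and attachments
        ctype = part.get_content_type()
        if ctype in ("text/plain", "text/html"):
            raw = part.get_payload(decode=True) or b""
            text = raw.decode(part.get_content_charset() or "utf-8", "replace")
            if ctype == "text/plain":
                return text
            html = html or text
    return html


def link_only(raw_message):
    """Return (flag, urls): flag is True when the body is a URL plus a few words."""
    text = body_text(message_from_string(raw_message))
    urls = sorted(set(URL_RE.findall(text)))
    # Drop URLs first, then any HTML tags, and count what the sender actually wrote.
    rest = TAG_RE.sub(" ", URL_RE.sub(" ", text))
    words = re.findall(r"\w+", rest)
    return bool(urls) and len(words) <= MAX_EXTRA_WORDS, urls


# Constructed sample messages (not taken from the campaign).
SPAM_LIKE = """From: friend@mail.example
Subject: hi
Content-Type: text/html; charset=utf-8

<html><body><a href="http://shop.example/wp-content/x.php">http://shop.example/wp-content/x.php</a></body></html>
"""

NORMAL = """From: friend@mail.example
Subject: photos from the weekend

Here are the pictures from Saturday, the ones from the lake came out best:
http://photos.example/album/42
Let me know which ones you want printed.
"""
```

A link-only body is a weak signal on its own, since people do send each other bare links; it is best treated as one input to scoring alongside others.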
Compromised Yahoo! Accounts
NotCompatible was first uncovered in May 2012. At the time, it was identified as a remote proxy malware threat distributed by hacked websites. Once it was downloaded, the malware owner could take over the phone and use it for his own benefit. It is particularly noteworthy that the majority of the spam has been sent via compromised Yahoo! accounts. The Virus Bulletin report highlights that the volume of spam from compromised Yahoo! accounts is significantly larger than that sent from other webmail providers.
So, the whole issue stems from the email service offered by Yahoo! Meanwhile, it has been observed that accounts that had not been used for a very long time have been compromised as part of this campaign.