As proof, Mahaffrey cited Lookout's suspicion that a single player was not behind NotCompatible, but that instead it was the coordinated work of multiple groups, each responsible for a part of the attack and the malware's underlying profit-making infrastructure.

"[NotCompatible's makers] may be selling some sort of online proxy service to others," Mahaffrey said. "Those using these Android proxies may not even know what [the hackers] are doing."

Mahaffrey called the NotCompatible code "well-written and very stable" at one point in the interview. "It's engineered very well, which is fairly different from most Android malware," he said.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at , on or subscribe to . His email address is .

See .