Android users should watch out for websites that automatically download files named “update.apk,” according to Lookout Mobile Security’s blog. These phony update packages are trojans that may allow for a third party to tunnel into your private networks through your phone.

The trojan, dubbed NotCompatible, can only be installed on your Android phone if installing .apk packages from unknown sources is enabled. If you switch this off when you are not intending to sideload apps, that should offer some protection from unintentionally activating this “update.” Users of the Lookout security software for Android are also protected from drive-by downloading when File System Monitoring and Install Monitoring are active.

The security blog states that most of the websites that pose a threat are smaller sites, and should not pose a major threat for most Android users. Still, take this as a public service announcement for anyone who uses the internet: Do NOT install software packages you did not intend to download, especially when a questionable site tells you to.

You can download Lookout Security & Antivirus from the Google Play Store for free.

Have you noticed any sites pushing shifty packages directly to your phone? Let us know in the comments section below.