NotCompatible will automatically start downloading if the hacked website detects an Android device is visiting by looking at the web browser's user-agent string, which specifies the device's operating system.
After the malware downloads, the device will ask a user to install the application. But for it to be installed, the Android device's settings must have "unknown sources" enabled, Lookout said. If the setting is not enabled, only applications from the Android Market, now called the Google Play store, can be installed.
From second source linked in PCWorld Article
In this specific attack, if a user visits a compromised website from an Android device, their web browser will automatically begin downloading an application—this process is commonly referred to as a drive by download.
When the suspicious application finishes downloading, the device will display a notification prompting the user to click on the notification to install the downloaded app. In order to actually install the app to a device, it must have the “Unknown sources” setting enabled (this feature is commonly referred to as “sideloading”). If the device does not have the unknown sources setting enabled, the installation will be blocked.
And because I know of at LEAST 2 people on these forums that will reply with " you have to click something confirm " or any other defense they can think of. remember you said it didn't matter in relation to Macs, so it Also doesn't matter in relation to Android. The Fact that ANY Platform can be hit. The prevalence and popularity of Mobile devices for browsing as well as Banking by many people ( my sister among them ), is just leading to where Hacks/Holes/"infections" will be come more popular, same as current rise in OSX Infections.
I don't think Microsoft is the Big Target anymore. But i still feel its the easy target
edit - just checked, Android has AdBlock plugin avaliable, my question is could the iFrame address be included in the block list to stop this attack?