Android malware downloads instructions from blog

Researchers from Trend Micro say the communication mechanism is a first for mobile malware
  • (IDG News Service)
  • — 06 October, 2011 22:40

Researchers from Trend Micro have spotted a piece of malicious software for Android that receives instructions from an encrypted blog, a new method of communication for mobile malware, according to the company.

The malware, which can steal information from an Android phone and send it to a remote server, purports to be an e-book application. It has been found on a third-party Chinese language application store.

Trend Micro calls the malware "ANDROIDOS_ANSERVER.A." If the application is installed, it asks for a variety of permissions. If those are granted, it can then make calls, read log files, write and receive SMSes and access the Internet and network settings, among other functions.

The malware uses the blog to figure out which command-and-control servers it should check in to. The command-and-control server then feeds the malware an XML file, which contains a URL where the malware can update itself. It can also connect with the blog to check for new updates. Trend Micro found that 18 variants of the malware have been posted to the blog between July 23 to Sept. 26.

"This is a blog site with encrypted content, which based on our research, is the first time Android malware implemented this kind of technique to communicate," wrote Karl Dominguez, a Trend Micro threat response engineer, on a company blog.

Malware writers have been known to abuse blogging platforms before. Dominguez noted that a botnet discovered earlier this year obtained instructions posted to Twitter.

Some of the newer versions of the malware on the blog "had the capability to display notifications that attempt to trick users into approving the download of an update," Dominguez wrote.

Security experts generally recommend that users should be cautious when downloading Android applications from third-party application stores due to the number of rogue applications that have been found. Users should also keep an eye on what permissions an application asks for and only allow the fewest permissions lest the application has nefarious functions.

Send news tips and comments to jeremy_kirk@idg.com

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Topics: security, trend micro
Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Compare & Save

Deals powered by WhistleOut
Use WhistleOut's technology to compare:
Mobile phone plans & deals
Mobile phone models
Mobile phone carriers
Broadband plans & deals
Broadband providers
Deals powered by WhistleOut
WhistleOut

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?