New Android malware can be controlled via blogs

Posted on Oct 6 2011 - 11:56pm by Julius

Security researchers at Trend Micro have identified a virus for the Android operating system, whose makers are using blogs as a redundancy and update mechanism.

The security firm named the trojan “ANDROIDS_ANSERVER.A,” which poses as an e-book reader and is distributed to unofficial app stores in Chinese websites. These app stores are very popular in the country because mobile phone owners do not have access yet to Google’s Android Market.

Once a user downloads and installs the app to their smartphones, it connects to two separate servers, where it receives additional commands and files. Karl Dominguez, a Threat Response engineer at Trend Micro, said that the first server is a website where the malware can send and receive data from, while the second server showed some characteristics that caught the security team’s attention.

“The second C&C server, however, caught our attention more,” wrote Dominguez on a Blog post on the TrendLabs Malware Blog. “This is a blog site with encrypted content, which based on our research, is the first time Android malware implemented this kind of technique to communicate.”

According to the researchers, it was the first time an Android malware used this kind of technique to communicate. The use of blogs and other social media sites for malware control, however, is not new. For example, a number of trojan creators use micro-blogging site Twitter to control botnets.

As security experts have predicted that, malware are increasingly growing, and things are expected to get worse. It is always best to know if your apps have proper reviews and avoid downloading apps from suspicious third party app stores.

 

via: Trend Micro

Leave A Response