Now, even seemingly innocent blog sites are being used for malware attacks targeting devices running Google’s Android operating system, a computer security firm warned.
Trend Micro said one such new malware it recently detected uses a blog site with encrypted content as a command-and-control post.
“From our analysis, we found that this malware has two hard-coded CC Servers to which it connects to receive commands and deliver payloads. The first server is just like the usual remote site, where the malware posts and gets information and commands. The second CC server, however, caught our attention. The second CC server is a blog site with encrypted content,” it said in a blog post.
It said this was the first time Android malware implemented this kind of using a blog site technique to communicate with its server.
The new malware, detected as ANDROIDS_ANSERVER.A, arrives as an e-book reader application and can be downloaded from a third-party Chinese application store.
According to Trend Micro, it asks for the various permissions that allow it to do the following:
– Access network settings
– Access the Internet
– Control the vibrate alert
– Disable Key lock
– Make a Call
– Read low-level log files
– Read, and write contacts
– Restart applications
– Wake the device
– Write, read, receive, and send SMS
Blog contents
A check of the blog contents revealed six encrypted posts containing the backup CC URLs.
Trend Micro also found 18 binaries uploaded to the blog, with the earliest posted July 23, and the latest last Sept 26.
“It can also be noted that one of the updates is named _test, which suggests that this malware is still being further developed,” it said.
Decrypting the posts and analyzing the binaries showed the newer versions of the malware can display notifications that attempt to trick a user to approve a download of an update.
Another improvement of the later versions is the capability to terminate four security related applications:
– com.qihoo360.mobilesafe
– com.tencent.qqpimsecure
– com.ijinshan.mguard
– com.lbe.security.
Blog platforms
Trend Micro noted the use of blog platforms in malware activities is not unheard of for malware affecting computers.
Earlier this year, it noted a botnet was found using Twitter for issuing commands to affected systems.
“If anything, this recent adaptation of mobile malware using this technique is another sign of its continued development and proliferation,” it said. — TJD, GMA News
Article source: http://ph.news.yahoo.com/android-malware-uses-blog-posts-command-post-104306815.html
View full post on National Cyber Security » Virus/Malware/Worms