Tech News: Malware Uses Blog Posts as Command Post to Attack Android Devices


Alarming news for bloggers and Android users: even a simple blog post can turn out to be a serious threat to Google's Android operating system. Innocent blog sites are being used in malware attacks that target gadgets such as computers and mobile phones running the Android operating system. This news was confirmed by Trend Micro.

Trend Micro said in a press release that a new type of malware uses blog sites with encrypted content as its command-and-control post.

In a blog post, Trend Micro said: "From our analysis, we found that this malware has two hard-coded C&C Servers to which it connects to receive commands and deliver payloads. The first server is just like the usual remote site, where the malware posts and gets information and commands. The second C&C server, however, caught our attention. The second C&C server is a blog site with encrypted content."

This was the first time that Android malware implemented this type of attack: using a blog site to communicate with its server.

For the information of all Android users, the new malware is detected as ANDROIDS_ANSERVER.A. It arrives as an e-book reader application and can be downloaded from a third-party Chinese app store.

Also according to Trend Micro, the malware asks for various permissions, allowing it to do the following:

  • Make a Call
  • Access to Internet and Network Settings
  • Disable Key Lock
  • Wake the Device
  • Control Vibrate Alert
  • Read, Write, Receive and Send SMS messages
  • Restart Applications
  • Read Low-Level log file
  • Read and Write Contacts

Malware in Blog Contents

In a check of the blog's content, Trend Micro found six encrypted posts that contain the backup C&C URLs. In addition, the company found 18 binaries uploaded to the blog, the earliest posted July 23 and the latest September 26. It also noted that one of the malware updates is named_test, and its name suggests that this malware is currently under further development.

Newer versions of the malware also have the ability to display notifications that attempt to trick a user into approving the download of an update. This activity was discovered during post decryption and analysis of the binaries. Another interesting improvement is the malware's ability to terminate four security-related applications:

  • com.qihoo360.mobilesafe
  • com.tencent.qqpimsecure
  • com.ijinshan.mguard
  • com.lbe.security

As for blog platforms, Trend Micro has not named any blogging platform as affected by this malware. However, they noted that a botnet was found using the microblogging site Twitter to issue commands affecting devices that use the Android operating system.
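
The permission list and the four targeted security packages above can be turned into a quick triage check for a decoded AndroidManifest.xml. This is an added example, not Trend Micro's or the article's code; the mapping from the article's wording to Android permission names, the threshold, and the sample manifests are assumptions made here.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."
# Assumed mapping: the article's capability wording -> Android permission names.
CAPABILITIES = {
    "call": {"CALL_PHONE"}, "keylock": {"DISABLE_KEYGUARD"},
    "wake": {"WAKE_LOCK"}, "vibrate": {"VIBRATE"},
    "logs": {"READ_LOGS"}, "restart_apps": {"RESTART_PACKAGES"},
    "network": {"INTERNET", "CHANGE_NETWORK_STATE"},
    "sms": {"READ_SMS", "WRITE_SMS", "RECEIVE_SMS", "SEND_SMS"},
    "contacts": {"READ_CONTACTS", "WRITE_CONTACTS"},
}
# Security apps the article lists as termination targets.
SECURITY_APPS = ("com.qihoo360.mobilesafe", "com.tencent.qqpimsecure",
                 "com.ijinshan.mguard", "com.lbe.security")

def requested_permissions(manifest_xml):
    """Return the permission names declared in a decoded (text) manifest."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name", "") for el in root.iter("uses-permission")}

def triage(manifest_xml, app_strings, threshold=7):
    """Score an app by capability overlap and references to security apps."""
    perms = requested_permissions(manifest_xml)
    caps = sorted(c for c, names in CAPABILITIES.items()
                  if any(PREFIX + n in perms for n in names))
    refs = sorted(p for p in SECURITY_APPS if any(p in s for s in app_strings))
    # Heuristic (assumption): broad overlap with the listed capabilities, or an
    # app that can restart packages and also names a security product.
    suspicious = len(caps) >= threshold or (bool(refs) and "restart_apps" in caps)
    return {"capabilities": caps, "security_app_refs": refs, "suspicious": suspicious}

def make_manifest(package, perms):
    """Build a constructed sample manifest (hypothetical helper for the demo)."""
    uses = "".join(f'<uses-permission android:name="{PREFIX}{p}"/>' for p in perms)
    return (f'<manifest xmlns:android="{ANDROID_NS[1:-1]}" '
            f'package="{package}">{uses}</manifest>')

# Constructed samples, not real apps.
READER = make_manifest("com.example.reader", [
    "CALL_PHONE", "INTERNET", "DISABLE_KEYGUARD", "WAKE_LOCK", "VIBRATE",
    "SEND_SMS", "RESTART_PACKAGES", "READ_LOGS", "WRITE_CONTACTS"])
READER_STRINGS = ["com.qihoo360.mobilesafe", "com.lbe.security"]
FLASHLIGHT = make_manifest("com.example.flashlight", ["INTERNET", "WAKE_LOCK"])

if __name__ == "__main__":
    print(triage(READER, READER_STRINGS), triage(FLASHLIGHT, []))
```

The standard-library XML parser does not limit entity expansion, so manifests from untrusted APKs are better parsed with a hardened parser such as defusedxml.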

News from GMAnews.tv. 

3 comments:
roopa said...
October 29, 2011 at 2:55 PM  

Thanks for providing this good, informative post. I got good knowledge from your blog, and I think most people benefit from this information.

Blackberry Repair said...
March 14, 2012 at 1:37 AM  

I recently came across your blog and have been reading along. I thought I would leave my first comment. I don’t know what to say except that I have enjoyed reading. Nice blog. I will keep visiting this blog very often.

Blackberry Repair said...
April 11, 2012 at 4:27 AM  

This is my first opportunity to visit this website. I found some interesting things and I will apply to the development of my blog. Thanks for sharing useful information.