Android malware downloads instructions from blog

Researchers from Trend Micro say the communication mechanism is a first for mobile malware

Researchers from Trend Micro have spotted a piece of malicious software for Android that receives instructions from an encrypted blog, a new method of communication for mobile malware, according to the company.

The malware, which can steal information from an Android phone and send it to a remote server, purports to be an e-book application. It has been found on a third-party Chinese language application store.

Trend Micro calls the malware "ANDROIDOS_ANSERVER.A." If the application is installed, it asks for a variety of permissions. If those are granted, it can then make calls, read log files, write and receive SMSes and access the Internet and network settings, among other functions.

The malware uses the blog to figure out which command-and-control servers it should check in to. The command-and-control server then feeds the malware an XML file, which contains a URL where the malware can update itself. It can also connect with the blog to check for new updates. Trend Micro found that 18 variants of the malware were posted to the blog between July 23 and Sept. 26.

"This is a blog site with encrypted content, which based on our research, is the first time Android malware implemented this kind of technique to communicate," wrote Karl Dominguez, a Trend Micro threat response engineer, on a company blog.

Malware writers have been known to abuse blogging platforms before. Dominguez noted that a botnet discovered earlier this year obtained instructions posted to Twitter.

Some of the newer versions of the malware on the blog "had the capability to display notifications that attempt to trick users into approving the download of an update," Dominguez wrote.

Security experts generally recommend that users be cautious when downloading Android applications from third-party application stores due to the number of rogue applications that have been found. Users should also keep an eye on what permissions an application asks for and allow only the fewest permissions, in case the application has nefarious functions.

Send news tips and comments to jeremy_kirk@idg.com


Jeremy Kirk

IDG News Service