Unscrupulous elements are increasingly targeting Android users, and the latest malware application to have been detected uses a blog platform to communicate with cyber criminals.
Trend Micro Inc. has unearthed a new Android malware that uses a blog in China as a C&C (Command and Control) system. Researchers at Trend Micro, the Japan-based leading computer security firm, have claimed that they have detected a unique, first-of-its-kind malware that uses encrypted content on a blog site to communicate with cyber criminals. Writing for the Trend Micro malware blog, Karl Dominguez, a threat response engineer, noted, “Malware targeting the Android platform are continuously improving in performance as well as using new techniques to thwart analysis and to avoid detection.”
Apparently, this new malware, detected by Trend Micro as ANDROIDOS_ANSERVER.A, assumes the form of an e-book reader app and tricks the user into downloading it from a third-party app store located in China.
Once installed, this malware app requests a few permissions. When these permissions are granted by the user, they could be used by the malware to carry out the following tasks:
• Access network settings.
• Access the Internet.
• Control the vibrate alert.
• Disable key locks.
• Make a call.
• Read low-level log files.
• Read and write contact details.
• Restart apps.
• Wake the device.
• Write, read, receive, and send SMS.
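A defender can check a decoded AndroidManifest.xml for this kind of mismatch between an app's stated purpose and what it requests. The following is an added example, not code from Trend Micro or from the malware: the mapping from the tasks above to Android permission names, the e-book reader baseline, and the sample manifest are all assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# Assumption: permission names mapped by hand from the article's task list.
SENSITIVE = {
    "CALL_PHONE": "make a call", "READ_LOGS": "read low-level log files",
    "READ_CONTACTS": "read contact details", "WRITE_CONTACTS": "write contact details",
    "DISABLE_KEYGUARD": "disable key locks", "RESTART_PACKAGES": "restart apps",
    "READ_SMS": "read SMS", "WRITE_SMS": "write SMS",
    "RECEIVE_SMS": "receive SMS", "SEND_SMS": "send SMS",
}

# Assumption: what a plain e-book reader plausibly needs.
EBOOK_BASELINE = {"INTERNET", "ACCESS_NETWORK_STATE", "WAKE_LOCK", "VIBRATE"}

def requested_permissions(manifest_xml):
    """Return the names of all <uses-permission> entries (standard prefix stripped)."""
    names = set()
    for node in ET.fromstring(manifest_xml).iter("uses-permission"):
        name = node.get(ANDROID_NS + "name", "")
        if name.startswith(PREFIX):
            name = name[len(PREFIX):]
        if name:
            names.add(name)
    return names

def triage(manifest_xml, baseline=EBOOK_BASELINE):
    """Return (sensitive permissions outside the baseline, other extras)."""
    extra = requested_permissions(manifest_xml) - baseline
    flagged = {p: SENSITIVE[p] for p in sorted(extra) if p in SENSITIVE}
    other = [p for p in sorted(extra) if p not in SENSITIVE]
    return flagged, other

# Constructed sample manifest (decoded text form), not taken from the real sample.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.ebookreader">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_LOGS"/>
  <uses-permission android:name="com.example.CUSTOM"/>
</manifest>"""

if __name__ == "__main__":
    flagged, other = triage(SAMPLE)
    for perm, why in flagged.items():
        print(f"unexpected for an e-book reader: {perm} ({why})")
    print("other out-of-baseline permissions:", other)
```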
Karl also revealed how the malware works: “From our analysis, we found that this malware has two hardcoded C&C servers to which it connects in order to receive commands and to deliver payloads. The first server is just like the usual remote site to which the malware posts information to and gets commands from. The second C&C server, however, caught our attention more. This is a blog site with encrypted content, which based on our research, is the first time Android malware implemented this kind of technique to communicate.”

