Android Malware Using Blog As C&C Server

wiredmikey writes "Security researchers have discovered a unique feature circulating in some Android-based malware. The malicious application is using a blog in China to act as a Command and Control (C&C) server. On Tuesday, Trend Micro discovered a malicious Android application out of China using the new trick to receive instructions, and appears to be the first time Android malware implemented this kind of technique to communicate with its server."

Another non-story.

[Kenja]

You first have to install a the app from an untrusted site and ignore the page full of warnings the OS throws at you before this can do anything. Seriously, look at the screen shot in the FA. You have to agree that the app can make outgoing phone calls. If you click through that many warnings I would hardly call this malware. Its doing exactly what it says it will do.

Re:Another non-story.

[tepples]

Given that pretty much every app that I've seen asks for full Internet access (so that it can talk to the Internet service it was made to talk to) and phone call state (so that it can back off if you get a call), I guess people have started ignoring these warnings.

Re:Another non-story.

[Charliemopps]

Ok, no put all those questions in front of your mom and... Malware!

Re:Android C&C in China?

[hairyfeet]

Riiiight. Might work in the east, where the masses have never had a computer in the first place, won't work in the west and here is why: Just last year one of the local vendors in my area sold "Windows netbooks for $100" with in tiny writing "Compact Edition" but hell, people don't know what that means. it looked like XP, that was all that they saw.

Within a few weeks the local CL was filled to the brim with folks practically GIVING the things away. Why was that? Was there something wrong with them? Nope I tried one for a few weeks before giving it away and it was just fine for basic net surfing but it wouldn't run Windows programs so everyone (including me) got rid of them.

The reason why MSFT rules the desktop is the same reason why MSFT has to royally bust their ass maintaining backwards compatibility and that is the millions of x86 apps written that folks use every day, from the software that came with their cameras and printers to the software they use at the office. it is ALL x86 and while Linux guys can scream "We got stuff just as good!" frankly that's bullshit. Where is the custom medical and shipping apps? software equal to Quicken/Quickbooks? it doesn't exist in Linux and it sure as hell doesn't exist in ARM Linux, which has even less apps than x86 Linux.

The reason Apple can get away with the numbers they do is because everyone considers their cell phones throw away items. folks use it until their contract is up and then get another one and they have been trained that their programs won't work because what worked with phone foo don't with phone bar. Hell everyone I know has drawers filled with the things as they don't know WTF to do with all their old phones. from what I've seen the masses treat the tablet as "a big cell phone" and therefor phone rules apply. but when you start talking netbooks and the like? those are "baby laptops" and they damned well WILL expect it to run everything their desktop runs, just slower because "its a baby". Believe me as a retailer I've seen it first hand.