Slashdot Mirror


Android Malware Using Blog As C&C Server

wiredmikey writes "Security researchers have discovered a unique feature circulating in some Android-based malware. The malicious application is using a blog in China to act as a Command and Control (C&C) server. On Tuesday, Trend Micro discovered a malicious Android application out of China using the new trick to receive instructions, and it appears to be the first time Android malware has implemented this kind of technique to communicate with its server."

17 of 89 comments shown

  1. so, blogs can contain keywords to trigger malware? by wierd_w · · Score: 2

    The obvious solution is to use something that is at once ubiquitous and innately evil, like twitter or facebook.

    Imagine the new 'activates malware' hashtag!

  2. C&C by Anonymous Coward · · Score: 2, Funny

    Hehe, I thought for a moment it was being used as a Command & Conquer server...

    1. Re:C&C by fuzzyfuzzyfungus · · Score: 2

      "I'm Seth. Just... Seth. From God, to Kain, to Seth. I am his right hand and I have a task for you."

  3. should have gone the HURD by ThorGod · · Score: 2

    Android wouldn't be having this problem if it ran a HURD kernel...

    > : )

    --
    PS: I don't reply to ACs.

  4. Android C&C in China? by Anonymous Coward · · Score: 2, Interesting

    This actually makes sense considering that so many "computers" being manufactured for the Chinese market are now Android based. Yes, Microsoft is freaking out and trying to get their OS on ARM because all of the ARM based Android tablets, micro-books, or net-books that are on the market in China are eating their market share for "real" computers. Why spend almost a month's disposable income on a machine capable of running a pirated copy of Windows XP when you can spend 1/5 to 1/3 that amount on a fully featured Android tablet/palm-top/micro-book/whatever? The idea of malicious keywords also makes sense of some of the webforum spam I have seen recently. Interesting.

    1. Re:Android C&C in China? by hairyfeet · · Score: 3, Insightful

      Riiiight. Might work in the east, where the masses have never had a computer in the first place; won't work in the west, and here is why: Just last year one of the local vendors in my area sold "Windows netbooks for $100" with, in tiny writing, "Compact Edition", but hell, people don't know what that means. It looked like XP, that was all that they saw.

      Within a few weeks the local CL was filled to the brim with folks practically GIVING the things away. Why was that? Was there something wrong with them? Nope, I tried one for a few weeks before giving it away, and it was just fine for basic net surfing, but it wouldn't run Windows programs, so everyone (including me) got rid of them.

      The reason why MSFT rules the desktop is the same reason why MSFT has to royally bust their ass maintaining backwards compatibility, and that is the millions of x86 apps written that folks use every day, from the software that came with their cameras and printers to the software they use at the office. It is ALL x86, and while Linux guys can scream "We got stuff just as good!" frankly that's bullshit. Where are the custom medical and shipping apps? Software equal to Quicken/Quickbooks? It doesn't exist in Linux and it sure as hell doesn't exist in ARM Linux, which has even fewer apps than x86 Linux.

      The reason Apple can get away with the numbers they do is because everyone considers their cell phones throw-away items. Folks use it until their contract is up and then get another one, and they have been trained that their programs won't work because what worked with phone foo don't with phone bar. Hell, everyone I know has drawers filled with the things as they don't know WTF to do with all their old phones. From what I've seen the masses treat the tablet as "a big cell phone" and therefore phone rules apply. But when you start talking netbooks and the like? Those are "baby laptops" and they damned well WILL expect it to run everything their desktop runs, just slower because "it's a baby". Believe me, as a retailer I've seen it first hand.

      --
      ACs don't waste your time replying, your posts are never seen by me.

  5. Another non-story. by Kenja · · Score: 4, Insightful

    You first have to install the app from an untrusted site and ignore the page full of warnings the OS throws at you before this can do anything. Seriously, look at the screenshot in the FA. You have to agree that the app can make outgoing phone calls. If you click through that many warnings I would hardly call this malware. It's doing exactly what it says it will do.

    --

    "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"

    1. Re:Another non-story. by tepples · · Score: 2, Insightful

      Given that pretty much every app that I've seen asks for full Internet access (so that it can talk to the Internet service it was made to talk to) and phone call state (so that it can back off if you get a call), I guess people have started ignoring these warnings.

    2. Re:Another non-story. by tycoex · · Score: 4, Informative

      You didn't actually look before replying, did you...?

      I've installed about 100 apps on my phone and I have never seen a single app that had this many permissions.

      Okay, so you download your third-party Chinese app store (bad idea in the first place, from my experience Chinese web sites are terrible for malware).

      Next, you download an e-book reader. Now, off the top of my head I can think of a few permissions an e-book reader might need. Perhaps full internet access, modify SD contents, prevent phone from sleeping, and maybe a few more, but that's about it.

      Now look at some of the permissions for this e-book reader, they are very obviously not needed for an e-book reader:

      1) Edit, read, or receive SMS/MMS.
      2) Read and write contact data.
      3) Directly call phone numbers and send SMS messages.
      4) Read system log files.
      5) Write access point name settings.

      I can see a situation where something ambiguous that might actually be needed such as "full internet access" could be exploited, but this definitely isn't one of those situations.
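The check tycoex is describing above can be automated: compare what an APK's manifest declares against a baseline of what an app of that category should plausibly need, and flag anything outside the baseline that is dangerous on its own. The following is an added example, not code from the original thread or from Trend Micro's write-up. The manifest XML, the e-book reader baseline and the high-risk weighting are constructed for illustration; the permission names are the real Android identifiers for the capabilities listed in the comment.

```python
"""Flag manifest permissions that an app's category does not justify.

Added example (not from the original post). Baseline and risk sets are
assumptions made for illustration, not an Android or vendor standard.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed baseline: what an e-book reader plausibly needs, per the comment.
EBOOK_BASELINE = {
    "android.permission.INTERNET",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.WAKE_LOCK",
}

# Real permission names for the capabilities the comment calls out.
# Assumption: treating any of these as high risk for a reader app is my choice.
HIGH_RISK = {
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
    "android.permission.WRITE_SMS",
    "android.permission.CALL_PHONE",
    "android.permission.READ_CONTACTS",
    "android.permission.WRITE_CONTACTS",
    "android.permission.READ_LOGS",
    "android.permission.WRITE_APN_SETTINGS",
}


def declared_permissions(manifest_xml):
    """Return the set of android:name values on <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    name_attr = f"{{{ANDROID_NS}}}name"  # namespaced attribute key for ElementTree
    return {el.get(name_attr) for el in root.iter("uses-permission") if el.get(name_attr)}


def audit(manifest_xml, baseline):
    """Compare declared permissions against a category baseline.

    Anything outside the baseline is reported; only high-risk extras
    make the verdict 'suspicious', so harmless extras like network-state
    do not produce noise.
    """
    declared = declared_permissions(manifest_xml)
    unexpected = declared - baseline
    high_risk = unexpected & HIGH_RISK
    return {
        "unexpected": sorted(unexpected),
        "high_risk": sorted(high_risk),
        "verdict": "suspicious" if high_risk else "ok",
    }


# Constructed manifest mirroring the permission list in the comment.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.ebookreader">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.WRITE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.WRITE_CONTACTS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_LOGS"/>
  <uses-permission android:name="android.permission.WRITE_APN_SETTINGS"/>
</manifest>
"""

# Constructed benign reader: one extra permission, but nothing dangerous.
BENIGN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.plainreader">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
</manifest>
"""

if __name__ == "__main__":
    for label, xml in (("sample", SAMPLE_MANIFEST), ("benign", BENIGN_MANIFEST)):
        report = audit(xml, EBOOK_BASELINE)
        print(label, report["verdict"], report["high_risk"])
```

Running it against a real APK only needs the decoded AndroidManifest.xml in place of the constructed strings; the point of the baseline-plus-risk split is that an install-time prompt listing twelve permissions is hard for a user to judge, while "nine of the extras let the app send SMS, place calls, read contacts, read logs or rewrite APN settings" is not.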

    3. Re:Another non-story. by Charliemopps · · Score: 4, Insightful

      Ok, now put all those questions in front of your mom and... Malware!

    4. Re:Another non-story. by aiken_d · · Score: 2

      Yeah, I'm pretty sure even an 80 year old non-technologist like my dad would be tipped off by something as unambiguous as "write access point name settings."

      Oh, wait, maybe not. Remind me, is Android for the mass market, or just for power users? Or is it like Windows, where anyone who's not an expert should expect to get their system owned, with platform apologists assuring everyone that it's the user's own fault?

      --
      If I wanted a sig I would have filled in that stupid box.

    5. Re:Another non-story. by JAlexoi · · Score: 2

      Actually, both on Android and on Windows it is the user's fault, and I'm no Windows apologist. It's as much the user's fault as falling for a phishing email or a "Your drive is infected. Check for viruses now." banner. It's like complaining that you get an STD after having sex with all your town's sluts... or downloading cracked software.
      When a security hole is exploited, then it'll be Windows and Android to blame. Social engineering is still the biggest threat.

  6. wrong, just wrong. by Gravis+Zero · · Score: 2

    > and appears to be the first time Android malware implemented this kind of technique to communicate with its server.

    Correction: this is the first time those security researchers have found this implementation. This isn't exactly rocket science.

    --
    Anons need not reply. Questions end with a question mark.

  7. Re:C&C Server by Mitchell314 · · Score: 2

    What if they completed the hand of nod?

    --
    I read TFA and all I got was this lousy cookie

  8. Re:Is this new or innovative? by vlueboy · · Score: 2

    Why aren't all malware creators doing this?

    Short answer: Higher barriers to entry on malware^W Windows environment programming.

    Things get tricky when you're a beginner coder who must do native Windows programming and needs network connectivity. After decades of 'progress', those Windows viruses you're hinting that we create in our sleep are still almost exclusively nasty DOS-using compilations and/or assembly-based. As such, they require some very low level coding, since VBS has stopped being the malware tool of choice due to e-mail policies in newer programs.

    So, what does Android offer? Because Android isn't Windows... Android programs run on Java. Java provides well-understood APIs and has a slew of shared libraries out there. Apparently even virus writers don't want to acquire a master's in the arcaneness of [embedded] C to succeed in rooting your machine^Wproprietary-android-phone via a network.

    And to add to the answer above, a Windows creator would try phones because of this next one: "Lack of phone antiviruses." The kind of stuff that you create on Windows would easily get blacklisted and REMOVED by every tool in existence under Windows given enough days. But Android is Linux. And Linux doesn't "Sell" antiviruses (with a capital S). And apps won't have root access under your carrier to help you clean the phone properly anyway. And lastly, most phones' Android builds are NEVER auto-updated by the carriers.

  9. Re:Permissions? by Eyeball97 · · Score: 2

    > Ok, so let me get this right. You have to agree to permissions for everything an android app does?

    Yes.

    > Do you just spend your whole life agreeing to stuff on your phone?

    [Sarcasm]Yes that's right, because I spend every waking moment installing apps on my phone...[/Sarcasm]

    > I'll take my iPhone, it works, and it always works thank you.

    Ok, so let me get this right. You hand over ALL your trust to the app store, and you don't care what permissions an app gets. Because the iDrones at the app store would never make a mistake and let a bad app through, right? You have an iProduct because you like it simple, and reviewing what an app has permission to do while you're installing it is far too complicated for you?

  10. Re:the only way to besure... by sFurbo · · Score: 2

    No, no, he thinks we should google china from orbit. The ISS has an internet connection, doesn't it? Though I don't know what the astronauts should do with fine ceramic dinner plates.