Android malware under blog control says Trend Micro
Beware the Chinese e-book reader
Customer Success Testimonial: Recovery is Everything
Trend Micro is reporting a Chinese Android malware that operates partly under the command and control of a blog.
The ANDROIDOS_ANSERVERBOT.A malware is disguised as an e-book reader offered on a third-party Chinese app store. It uses two command and control servers, one of them served out of a blog with encrypted posts. Posts to the blog identify the URL of the primary C&C server.
This presumably gives the malware’s makers a handy way to move their C&C server around to avoid detection. The blog also hosts new copies of ANDROIDOS_ANASERVERBOT.A which are downloaded when the software connects (see Trend Micro’s flowchart for the process).
The security company also notes that upon installation, the supposed e-book reader asks for an unreasonable number of permissions – should the user be foolish enough to allow installation after reading the permission requests, the malware can access network settings and the Internet, control a device’s vibration alert, disable key locks, make calls, read low-level logfiles, read and write contact details, restart apps, wake the device, and use SMS.
Targeted at Chinese users, the app also disables security software from Qihoo360 and Tencent, among others.
Android security has been increasingly under a cloud, with HTC scrambling for a fix after turning its phones into data-spewing monsters; a banking Trojan designed to intercept security texts; a security researcher discovering a dozen malicious apps on the official Android market; and earlier this month, Google was criticized as ignoring a bug that allowed malware to be installed without warning.
Trend Micro’s post is here. ®
COMMENTS
Android security has been increasingly under a cloud?
Malware stored on a third party site does not impinge on the Android security. A worm burrowing its way onto your Android without user interaction would be of concern. There is no protection against the end user clicking and installing malware.
This is just a trojan, installed by the user ignoring all security warnings. If someone has a solution for PBKAC -Other than eugenics (which is immoral and takes far too long ;-) this is a good moment for making it public.
Problem is that some seemingly "safe" apps ask for the same wide permissions ... I'm fairly sure that Google Tracks or Maps asks for similar - I was certainly surprised that one of the Google apps was asking for permission to make calls but its possible that that may be to enable you to find a location (e.g. a restaurant) on a map and phone it directly. As a result its sometimes difficult to work out why an app is requesting certain permissions.
Possibly a solution would be to require apps to state the reasons why they need each of the permissions which you could browse before deciding to accept/decline the install ... clearly this is not 100% foolproof but migh give some guidance.
IT infrastructure monitoring strategies
What you need to know about cloud backup
Agentless Backup is Not a Myth
Top 10 SIEM implementer’s checklist
Customer Success Testimonial: Recovery is Everything
