Feeds

Android malware under blog control says Trend Micro

Beware the Chinese e-book reader

Internet Security Threat Report 2014

Trend Micro is reporting a Chinese Android malware that operates partly under the command and control of a blog.

The ANDROIDOS_ANSERVERBOT.A malware is disguised as an e-book reader offered on a third-party Chinese app store. It uses two command and control servers, one of them served out of a blog with encrypted posts. Posts to the blog identify the URL of the primary C&C server.

This presumably gives the malware’s makers a handy way to move their C&C server around to avoid detection. The blog also hosts new copies of ANDROIDOS_ANASERVERBOT.A which are downloaded when the software connects (see Trend Micro’s flowchart for the process).

The security company also notes that upon installation, the supposed e-book reader asks for an unreasonable number of permissions – should the user be foolish enough to allow installation after reading the permission requests, the malware can access network settings and the Internet, control a device’s vibration alert, disable key locks, make calls, read low-level logfiles, read and write contact details, restart apps, wake the device, and use SMS.

Targeted at Chinese users, the app also disables security software from Qihoo360 and Tencent, among others.

Android security has been increasingly under a cloud, with HTC scrambling for a fix after turning its phones into data-spewing monsters; a banking Trojan designed to intercept security texts; a security researcher discovering a dozen malicious apps on the official Android market; and earlier this month, Google was criticized as ignoring a bug that allowed malware to be installed without warning.

Trend Micro’s post is here. ®

Remote control for virtualized desktops

More from The Register

next story
UK smart meters arrive in 2020. Hackers have ALREADY found a flaw
Energy summit bods warned of free energy bonanza
DRUPAL-OPCALYPSE! Devs say best assume your CMS is owned
SQLi hole was hit hard, fast, and before most admins knew it needed patching
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Mozilla releases geolocating WiFi sniffer for Android
As if the civilians who never change access point passwords will ever opt out of this one
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Protecting against web application threats using SSL
SSL encryption can protect server‐to‐server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss and losing customer trust.