Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Android Security News

Android Malware Using Blog As C&C Server 89

wiredmikey writes "Security researchers have discovered a unique feature circulating in some Android-based malware. The malicious application is using a blog in China to act as a Command and Control (C&C) server. On Tuesday, Trend Micro discovered a malicious Android application out of China using the new trick to receive instructions, and appears to be the first time Android malware implemented this kind of technique to communicate with its server."
This discussion has been archived. No new comments can be posted.

Android Malware Using Blog As C&C Server

Comments Filter:
  • by wierd_w ( 1375923 ) on Wednesday October 05, 2011 @09:35PM (#37621542)

    The obvious solution is to use something that is at once ubiquitous and innately evil, like twitter or facebook.

    Imagine the new 'activates malware' hashtag!

  • C&C (Score:2, Funny)

    by Anonymous Coward

    Hehe, I thought for a moment it was being used as a Command & Conquer server...

  • by ThorGod ( 456163 ) on Wednesday October 05, 2011 @09:46PM (#37621656) Journal

    Android wouldn't be having this problem if it ran a HURD kernel...

    > : )

    • by Anonymous Coward

      I apologize profusely in advance for this obvious joke.

      Android wouldn't be having this problem if it ran a HURD kernel...

      Mainly because your phone would still be in the early alpha stages for another fifteen years.

  • Why aren't all malware creators doing this?
    • Why aren't all malware creators doing this?

      Short answer: Higher barriers to entry on malware^W Windows environment programming.

      Things get tricky when you're a beginner coder who must do native Windows programming, and need network connectivity. After decades of 'progress' those Windows viruses you're hinting that we create in our sleep are still almost exclusively nasty DOS-using compilations and/or assembly-based. As such, they require some very low level coding since VBS has stopped being the malware tool of choice due to e-mail policies in newer

      • by gtall ( 79522 )

        Android doesn't run on Java (which isn't wrong in the Pauli sense), it reimplements a subset of Java, so you cannot count on a Java exploit on, say, Windoze to work on an Android phone.

    • by TheLink ( 130905 )
      Because not enough people have moved to Linux and OSX.

      The malware authors are thus stuck with crap like vbscript or building executables that can't be too big for bandwidth reasons.

      Think of what malware authors could do if they could use perl, python and all the cool stuff.

      They could have innocuous scripts that through "bugs" end up becoming malware that use search engines and other sites to search the internet for new instructions (checking the signatures to ensure the instructions are from the right sourc
      • by DrXym ( 126579 )
        Android allows people to develop apps in C/C++ and there are ports of perl, python etc. It's probably more likely done this way because mobile phone operators are less likely to impede a device for making an http request vs one which is trying to talk with an IRC server or whatever.
    • by maxume ( 22995 )

      You have two rambling replies about the authors not being sophisticated enough, I'm not sure those guys understand what a rootkit is, or that lots of windows malware installs stuff as services, or stuff that completely subverts a browser, or whatever.

      Anyway, I'm pretty sure it isn't new, the malware author probably used the technique because it was easy, maybe because they thought it would be less obvious in the telecom's proxy logs or whatever.

      I wouldn't say it is all that innovative, the phone companies c

  • by Anonymous Coward

    This actually makes sense considering that so many "computers" being manufactured for the Chinese market are now Android based. Yes, Microsoft is freaking out and trying to get their OS on ARM because of all the ARM based Android tablets, micro-books, or net-books that are on the market in China are eating their market share for "real" computers. Why spend almost a months disposable income on a machine capable of running a pirated copy of Windows XP when you can spend 1/5 to 1/3 that amount on a fully featu

    • "Why spend almost a months disposable income on a machine capable of running a pirated copy of Windows XP when you can spend 1/5 to 1/3 that amount on a fully featured Android tablet/palm-top/micro-book/whatever?"

      You shouldn't have posted AC, because this is highly Insightful. The way to undercut MSFT isn't just to take x86 space, but route around their obstacle by running on other devices.

      The tip of this iceberg are cheap shit devices like the Sylvania and other ARM netbooks, because they will improve and

      • Comment removed (Score:4, Insightful)

        by account_deleted ( 4530225 ) on Wednesday October 05, 2011 @11:19PM (#37622280)
        Comment removed based on user account deletion
        • In the end, all those apps may run on a hardware-assisted QEMU host. ICT already has 80% X86 native speeds on a modified MIPS architecture, so there's no reason ARM can't do the same. It would be amusing if an Android/QEMU/Wine combination beat MS to legacy app comparability...

          Hardware-assisted x86 emulation
          Loongson 3 adds over 200 new instructions to speed up x86 instruction execution at a cost of 5% of the total die area. The new instructions help QEMU translate x86 instructions by lowering the overhead of executing x86/CISC-style instructions in the MIPS pipeline. With added improvements in QEMU from ICT, Loongson-3 achieves an average of 70% the performance of executing native binaries when running x86 binaries from nine benchmarks.[11]

          http://en.wikipedia.org/wiki/Loongson [wikipedia.org]

        • US law requires that cellphone network carriers accept emergency calls, even from non-active cellphones. So if you turn the thing on and it can see a tower, you can use it to make a 911 call. No account, no contract, no cost.

          Some charity organizations, like domestic abuse shelters, are giving out donated inactivated cellphones to people who don't have one of their own so that no matter where they are, if they get into trouble, they can at least dial 911.

          A little quality time with your search engine of c

        • Why would you give away a netbook? Throw your favorite Linux distro on there and be on your way. That's what I would have done anyways.
        • Riiiight. Might work in the east, where the masses have never had a computer in the first place, won't work in the west and here is why: Just last year one of the local vendors in my area sold "Windows netbooks for $100" with in tiny writing "Compact Edition" but hell, people don't know what that means. it looked like XP, that was all that they saw.

          Within a few weeks the local CL was filled to the brim with folks practically GIVING the things away. Why was that? Was there something wrong with them? Nope I tried one for a few weeks before giving it away and it was just fine for basic net surfing but it wouldn't run Windows programs so everyone (including me) got rid of them.

          The reason why MSFT rules the desktop is the same reason why MSFT has to royally bust their ass maintaining backwards compatibility and that is the millions of x86 apps written that folks use every day, from the software that came with their cameras and printers to the software they use at the office. it is ALL x86 and while Linux guys can scream "We got stuff just as good!" frankly that's bullshit. Where is the custom medical and shipping apps? software equal to Quicken/Quickbooks? it doesn't exist in Linux and it sure as hell doesn't exist in ARM Linux, which has even less apps than x86 Linux.

          The reason Apple can get away with the numbers they do is because everyone considers their cell phones throw away items. folks use it until their contract is up and then get another one and they have been trained that their programs won't work because what worked with phone foo don't with phone bar. Hell everyone I know has drawers filled with the things as they don't know WTF to do with all their old phones. from what I've seen the masses treat the tablet as "a big cell phone" and therefor phone rules apply. but when you start talking netbooks and the like? those are "baby laptops" and they damned well WILL expect it to run everything their desktop runs, just slower because "its a baby". Believe me as a retailer I've seen it first hand.

          I would mod your post insightful except for one thing -- you seem oblivious to the concept of emulation. Every thing you say could be true, if computers weren't Turing machines -- anything that can be implemented on one Turing machine can be implemented on another, and this includes the Turing machine itself. As processors and storage evolve, you can expect to see VM implementations for *any* hardware/software architecture you care to name transparently available for any platform. Right now, I run Wi

  • Another non-story. (Score:5, Insightful)

    by Kenja ( 541830 ) on Wednesday October 05, 2011 @10:11PM (#37621818)
    You first have to install a the app from an untrusted site and ignore the page full of warnings the OS throws at you before this can do anything. Seriously, look at the screen shot in the FA. You have to agree that the app can make outgoing phone calls. If you click through that many warnings I would hardly call this malware. Its doing exactly what it says it will do.
    • Re: (Score:3, Insightful)

      by tepples ( 727027 )
      Given that pretty much every app that I've seen asks for full Internet access (so that it can talk to the Internet service it was made to talk to) and phone call state (so that it can back off if you get a call), I guess people have started ignoring these warnings.
      • by tycoex ( 1832784 ) on Wednesday October 05, 2011 @11:16PM (#37622260)

        You didn't actually look before replying did you...?

        I've installed about 100 apps on my phone and I have never seen a single app that had this many permissions.

        Okay, so you download your third-party Chinese app store (bad idea in the first place, from my experience Chinese web sites are terrible for malware).

        Next, you download an e-book reader. Now, off the top of my head I can think of a few permissions an e-book reader might need. Perhaps full internet access, modify SD contents, prevent phone from sleeping, and maybe a few more, but that's about it.

        Now look at some of the permissions for this e-book reader, they are very obviously not needed for an e-book reader:

        1) Edit, read, or receive SMS/MMS.
        2) Read and write contact data.
        3) Directly call phone numbers and send SMS messages.
        4) Read system log files
        5) Write access point name settings

        I can see a situation where something ambiguous that might actually be needed such as "full internet access" could be exploited, but this definitely isn't one of those situations.

        • by Charliemopps ( 1157495 ) on Wednesday October 05, 2011 @11:32PM (#37622334)
          Ok, no put all those questions in front of your mom and... Malware!
          • Why would your mom take the trouble of allowing third party stores enabled and be perplexed by this notification?

            My phone shows a big notification saying:
            Services that cost you money - Directly call phone numbers and send SMS messages.

            That usually results in my mother calling me for clarification...
            You see, people don't take lightly any sentences that have cost + money in them. The ones that do, are soon left penniless.
          • by tycoex ( 1832784 )

            My mom wouldn't be using a third party Chinese app store.

            She also wouldn't be downloading some random unheard of book reader, she would be using something she has heard of such as kindle or nook.

            And lastly she would probably be alarmed by the bold lettered "services that cost you money" part of the permissions.

            Your Mom may be an idiot but that doesn't mean everyone else who isn't tech savvy is.

        • I've seen Scripting Layer for Android (SL4A) request a shitload of permissions so that scripts loaded into it can access API features that require those permissions.
        • Comment removed based on user account deletion
          • Actually, both on Android and on Windows it is the user's fault, and I'm no Windows apologist. It's as much user's fault as falling for a phishing email or "Your drive is infected. Check for viruses now." banner. It's like complaining that you get an STD after having sex with all your town's sluts... or downloading cracked software.
            When a security hole is exploited, then it'll be Windows and Android to blame. Social engineering is still the biggest threat.
            • BS - Most malware infections today do not come from perusing around the dark alleyways of the internet. Here's an anecdote:

              I repaired a machine with a bad malware infection. I also was able to do an audit and see exactly where the machine was going on the inernet, when, and even the searches. The owner's kid was literally searching for busty milfs and goat sex. All week long, after the owner was going to bed. Saturday morning the last search before infection was "TV repair in [local town]". Bam. Drive-by d
          • by brunes69 ( 86786 )

            And do you think your dad would have gone into his phone, added untrusted applications, downloaded an APK from a Chinese website, used ADB to serial copy it to his phone, and install it?

            NO????

            Then shut up.

            These capabilities in Android are great for power users. And non-power users don't even know they exist. The hyperbole about Android malware on these Chinese app markets is astounding.

            • Perhaps someone already turned on "Unknown sources" to get the Amazon Appstore-exclusive game Angry Birds Rio working. And once that's on, you don't need to use ADB to sideload; you can just navigate to the APK using a web browser.
          • by tepples ( 727027 )

            Yeah, I'm pretty sure even an 80 year old non-technologist like my dad would be tipped off by something as unambiguous as "write access point name settings."

            So I guess you're right that some of the privileges' explanations are poorly worded. For example, this one appears to mean "use specific data networks".

          • by tycoex ( 1832784 )

            It's a good thing that was just ONE of the money red-flag raising permissions for this app. Even if he doesn't have a clue what "write access point name settings" means, he should know what " Services that cost you money: Directly call phone numbers and send SMS messages" means.

            I also think it's pretty disingenuous to consider an "80 year old non-technologist" as the mass market. I think the mass market for smartphones is probably the under 65 crowd, and while no where near the average slashdot readers lev

        • by AI0867 ( 868277 )

          I have. Every last app from google.

      • ...and phone call state (so that it can back off if you get a call)

        No, all Android apps have to back off when you get a call. That's not a permission, that's an absolute requirement.

        And yes, older Android apps have this permission required by default [zdnet.com] (so the user sees it), but you should be starting to see this permission used for no reason less and less now as this is only for apps that still target API level 3 (and that only represents 1.1% of the user phones right now).

        • I scanned down the list of things in TelephonyManager [android.com] that require READ_PHONE_STATE.

          Say a program needs to stop playing music if the phone starts ringing. In Android, background processes such as Internet radio applications run as services. So how is a service created by a program without READ_PHONE_STATE notified that the phone is ringing so that the service can stop playing the stream? Or does Android automatically stop all other audio sources once the phone starts ringing?

          Say a program needs to make

    • That's the same situation with the majority of Windows viruses (Windows, not Adobe or Java). People get a ton of warnings, they click on it anyway, and another person is complaining about how Windows is so vulnerable. I currently don't have any outstanding security issues on my PC. But I do have an outstanding security issue on my Android phone. Granted, it was put there by HTC, the maker of the phone.
    • by tlhIngan ( 30335 )

      You first have to install a the app from an untrusted site and ignore the page full of warnings the OS throws at you before this can do anything. Seriously, look at the screen shot in the FA. You have to agree that the app can make outgoing phone calls. If you click through that many warnings I would hardly call this malware. Its doing exactly what it says it will do.

      Dancing Pigs [wikipedia.org].

      I can say that "Unauthorized Sources" can be enabled quite easily - perhaps you go use Amazon's App Store. That's not a protectio

    • This is why all Android users who install apps from "untrusted sources" should install permission dog. What permission dog does is twofold

      a) It does a full audit of all the apps on your phone, so you can easily see a simple breakdown of all of the permissions apps you CURRENTLY HAVE are using. Ones using too many permissions are flagged with warning icons.

      b) If you have root, then It allows you to deny individual permissions to apps. So if an app is asking for permission A B and C, you can allow A and C but

  • and appears to be the first time Android malware implemented this kind of technique to communicate with its server.

    correction, this is the first time those security researchers have found this implementation. this isn't exactly rocket science.

  • The Chinese may one day defeat my ultimate security system for Android: When the app's summary is written in bad Engrish, do not install.
  • My wife and I have relatively new Sprint HTC EVO Android-based smart phones. My wife has downloaded a lot of apps, nothing that looks suspicious, reads a lot of Email newsletters, and uses hers to send and exchange GMail Email, etc. With limited vision, I do all my newsletters, Email, etc. on this desktop except I have read some news etc., and received some mail from her etc., on my cell phone. We're both suddenly getting both messages and mail from unknown sources that is spam, some highly objectiona

Keep up the good work! But please don't ask me to help.

Working...