A new Android malware variant has surfaced that uses a blog site hosting encrypted content as part of its command-and-control infrastructure, according to Tokyo-based Trend Micro Inc.
Researchers who discovered the malware said the technique was the first of its kind for Android malware.
The new Android malware takes on the shape of an e-book reader application and can be downloaded from a third-party Chinese app store. It attempts to connect to two hardcoded command-and-control (C&C) servers. The cybercriminals use one server to post information and send commands to the malware. The second server is a blog site that contains encrypted content, according to researchers at Trend Micro.
The malware requests a broad set of permissions upon installation. Once these are granted, it can access network settings and the Internet, control the vibrate alert, disable key locks, make calls, read low-level log files, read and write contact details, restart apps, wake the device, and write, read, receive and send SMS messages, Trend Micro said.
The blog used by the malware included six encrypted posts containing backup C&C server URLs and 18 binaries uploaded between July 23 and September 26. Trend Micro said one of the updates is labeled “_test”, suggesting this particular malware is still in the process of being developed.
“The use of blog platforms in malware activities is not unheard of. In fact, early this year, a botnet was found using Twitter for issuing commands to infected systems,” wrote Karl Dominguez, a Trend Micro threat response engineer in the TrendLabs Malware blog. “This recent adaptation of mobile malware is another sign of continued development and proliferation.”
After decrypting and analyzing the binary files, researchers found that the newer versions of the malware display a notification in an attempt to trick users into approving the download of the update. Trend Micro researchers also found cybercriminals added a new capability in later versions to terminate four security-related apps.
Android has become an increasingly popular platform for cybercriminals of late. McAfee Inc. issued a report in August stating that Android is the platform most targeted by mobile malware.
Most recently, security researchers pinpointed two Android vulnerabilities: the first, a permissions escalation bug that allows attackers to install applications with arbitrary permissions without user approval; the second, a Linux kernel privilege escalation bug that allows attackers to gain root control of an Android device through a terminal application.