Android Malware Using Blog As C&C Server
wiredmikey writes "Security researchers have discovered a unique feature circulating in some Android-based malware. The malicious application is using a blog in China to act as a Command and Control (C&C) server. On Tuesday, Trend Micro discovered a malicious Android application out of China using the new trick to receive instructions, and it appears to be the first time Android malware implemented this kind of technique to communicate with its server."
so, blogs can contain keywords to trigger malware? (Score:3)
The obvious solution is to use something that is at once ubiquitous and innately evil, like twitter or facebook.
Imagine the new 'activates malware' hashtag!
Re: (Score:2)
Or Google?
Re: (Score:1)
As for the non-walled-garden approach, clearly most people prefer it given the popularity of Android.
C&C (Score:2, Funny)
Hehe, I thought for a moment it was being used as a Command & Conquer server...
Re: (Score:2)
Well, a lot of people did request an Engineer...
should have gone the HURD (Score:3)
Android wouldn't be having this problem if it ran a HURD kernel...
> : )
Re: (Score:1)
I apologize profusely in advance for this obvious joke.
Android wouldn't be having this problem if it ran a HURD kernel...
Mainly because your phone would still be in the early alpha stages for another fifteen years.
Is this new or innovative? (Score:2)
Re: (Score:3)
Why aren't all malware creators doing this?
Short answer: Higher barriers to entry on malware^W Windows environment programming.
Things get tricky when you're a beginner coder who must do native Windows programming, and need network connectivity. After decades of 'progress' those Windows viruses you're hinting that we create in our sleep are still almost exclusively nasty DOS-using compilations and/or assembly-based. As such, they require some very low level coding since VBS has stopped being the malware tool of choice due to e-mail policies in newer
Re: (Score:1)
Android doesn't run on Java (which isn't wrong in the Pauli sense), it reimplements a subset of Java, so you cannot count on a Java exploit on, say, Windoze to work on an Android phone.
Re: (Score:2)
The malware authors are thus stuck with crap like vbscript or building executables that can't be too big for bandwidth reasons.
Think of what malware authors could do if they could use perl, python and all the cool stuff.
They could have innocuous scripts that through "bugs" end up becoming malware that use search engines and other sites to search the internet for new instructions (checking the signatures to ensure the instructions are from the right sourc
Re: (Score:2)
Then I don't know why more hackers haven't done the fancy C&C stuff. Maybe they didn't need to yet?
Anyway it definitely isn't hard to do. Even I could do it. At work, one of our products has windows, linux/OSX/AIX/Solaris agents that communicate with a central server, but we're in the legit business so we are unlikely to need such C&C stuff. From my experience creating and fixing such agents (I didn't create the windows ones) it's much easier to do such stuff in perl than vbscript or C/C++. I'd glad
Re: (Score:1)
You have two rambling replies about the authors not being sophisticated enough; I'm not sure those guys understand what a rootkit is, or that lots of Windows malware installs stuff as services, or stuff that completely subverts a browser, or whatever.
Anyway, I'm pretty sure it isn't new, the malware author probably used the technique because it was easy, maybe because they thought it would be less obvious in the telecom's proxy logs or whatever.
I wouldn't say it is all that innovative, the phone companies c
Android C&C in China? (Score:2, Interesting)
This actually makes sense considering that so many "computers" being manufactured for the Chinese market are now Android based. Yes, Microsoft is freaking out and trying to get their OS on ARM because all of the ARM-based Android tablets, micro-books, or net-books that are on the market in China are eating their market share for "real" computers. Why spend almost a month's disposable income on a machine capable of running a pirated copy of Windows XP when you can spend 1/5 to 1/3 that amount on a fully featu
Re: (Score:2)
"Why spend almost a month's disposable income on a machine capable of running a pirated copy of Windows XP when you can spend 1/5 to 1/3 that amount on a fully featured Android tablet/palm-top/micro-book/whatever?"
You shouldn't have posted AC, because this is highly Insightful. The way to undercut MSFT isn't just to take x86 space, but route around their obstacle by running on other devices.
The tip of this iceberg are cheap shit devices like the Sylvania and other ARM netbooks, because they will improve and
Re: (Score:2)
Hardware-assisted x86 emulation
Loongson 3 adds over 200 new instructions to speed up x86 instruction execution at a cost of 5% of the total die area. The new instructions help QEMU translate x86 instructions by lowering the overhead of executing x86/CISC-style instructions in the MIPS pipeline. With added improvements in QEMU from ICT, Loongson-3 achieves an average of 70% the performance of executing native binaries when running x86 binaries from nine benchmarks.
http://en.wikipedia.org/wiki/Loongson [wikipedia.org]
Donate your old cellphones to charity. (Score:2)
US law requires that cellphone network carriers accept emergency calls, even from non-active cellphones. So if you turn the thing on and it can see a tower, you can use it to make a 911 call. No account, no contract, no cost.
Some charity organizations, like domestic abuse shelters, are giving out donated inactivated cellphones to people who don't have one of their own so that no matter where they are, if they get into trouble, they can at least dial 911.
A little quality time with your search engine of c
It's a Turing machine, people... (Score:2)
Riiiight. Might work in the east, where the masses have never had a computer in the first place, won't work in the west and here is why: Just last year one of the local vendors in my area sold "Windows netbooks for $100" with, in tiny writing, "Compact Edition" but hell, people don't know what that means. It looked like XP, that was all that they saw.
Within a few weeks the local CL was filled to the brim with folks practically GIVING the things away. Why was that? Was there something wrong with them? Nope, I tried one for a few weeks before giving it away and it was just fine for basic net surfing but it wouldn't run Windows programs so everyone (including me) got rid of them.
The reason why MSFT rules the desktop is the same reason why MSFT has to royally bust their ass maintaining backwards compatibility and that is the millions of x86 apps written that folks use every day, from the software that came with their cameras and printers to the software they use at the office. It is ALL x86 and while Linux guys can scream "We got stuff just as good!" frankly that's bullshit. Where are the custom medical and shipping apps? Software equal to Quicken/Quickbooks? It doesn't exist in Linux and it sure as hell doesn't exist in ARM Linux, which has even less apps than x86 Linux.
The reason Apple can get away with the numbers they do is because everyone considers their cell phones throw away items. Folks use it until their contract is up and then get another one and they have been trained that their programs won't work because what worked with phone foo don't with phone bar. Hell everyone I know has drawers filled with the things as they don't know WTF to do with all their old phones. From what I've seen the masses treat the tablet as "a big cell phone" and therefore phone rules apply. But when you start talking netbooks and the like? Those are "baby laptops" and they damned well WILL expect it to run everything their desktop runs, just slower because "it's a baby". Believe me as a retailer I've seen it first hand.
I would mod your post insightful except for one thing -- you seem oblivious to the concept of emulation. Everything you say could be true, if computers weren't Turing machines -- anything that can be implemented on one Turing machine can be implemented on another, and this includes the Turing machine itself. As processors and storage evolve, you can expect to see VM implementations for *any* hardware/software architecture you care to name transparently available for any platform. Right now, I run Wi
Another non-story. (Score:5, Insightful)
Re:Another non-story. (Score:5, Informative)
You didn't actually look before replying did you...?
I've installed about 100 apps on my phone and I have never seen a single app that had this many permissions.
Okay, so you download your third-party Chinese app store (bad idea in the first place, from my experience Chinese web sites are terrible for malware).
Next, you download an e-book reader. Now, off the top of my head I can think of a few permissions an e-book reader might need. Perhaps full internet access, modify SD contents, prevent phone from sleeping, and maybe a few more, but that's about it.
Now look at some of the permissions for this e-book reader; they are very obviously not needed for an e-book reader:
1) Edit, read, or receive SMS/MMS.
2) Read and write contact data.
3) Directly call phone numbers and send SMS messages.
4) Read system log files.
5) Write access point name settings.
I can see a situation where something ambiguous that might actually be needed such as "full internet access" could be exploited, but this definitely isn't one of those situations.
Re: (Score:2)
My phone shows a big notification saying:
Services that cost you money - Directly call phone numbers and send SMS messages.
That usually results in my mother calling me for clarification...
You see, people don't take lightly any sentences that have cost + money in them. The ones that do are soon left penniless.
Re: (Score:2)
My mom wouldn't be using a third party Chinese app store.
She also wouldn't be downloading some random unheard of book reader, she would be using something she has heard of such as kindle or nook.
And lastly she would probably be alarmed by the bold lettered "services that cost you money" part of the permissions.
Your Mom may be an idiot but that doesn't mean everyone else who isn't tech savvy is.
SL4A (Score:2)
Re: (Score:3)
When a security hole is exploited, then it'll be Windows and Android to blame. Social engineering is still the biggest threat.
Re: (Score:2)
I repaired a machine with a bad malware infection. I also was able to do an audit and see exactly where the machine was going on the internet, when, and even the searches. The owner's kid was literally searching for busty milfs and goat sex. All week long, after the owner was going to bed. Saturday morning the last search before infection was "TV repair in [local town]". Bam. Drive-by d
Re: (Score:2)
And do you think your dad would have gone into his phone, added untrusted applications, downloaded an APK from a Chinese website, used ADB to serial copy it to his phone, and install it?
NO????
Then shut up.
These capabilities in Android are great for power users. And non-power users don't even know they exist. The hyperbole about Android malware on these Chinese app markets is astounding.
Why turn on "Unknown sources" (Score:2)
Re: (Score:2)
Yeah, I'm pretty sure even an 80 year old non-technologist like my dad would be tipped off by something as unambiguous as "write access point name settings."
So I guess you're right that some of the privileges' explanations are poorly worded. For example, this one appears to mean "use specific data networks".
Re: (Score:2)
It's a good thing that was just ONE of the money red-flag raising permissions for this app. Even if he doesn't have a clue what "write access point name settings" means, he should know what "Services that cost you money: Directly call phone numbers and send SMS messages" means.
I also think it's pretty disingenuous to consider an "80 year old non-technologist" as the mass market. I think the mass market for smartphones is probably the under 65 crowd, and while nowhere near the average slashdot readers lev
Re: (Score:2)
I have. Every last app from google.
Re: (Score:2)
...and phone call state (so that it can back off if you get a call)
No, all Android apps have to back off when you get a call. That's not a permission, that's an absolute requirement.
And yes, older Android apps have this permission required by default [zdnet.com] (so the user sees it), but you should be starting to see this permission used for no reason less and less now as this is only for apps that still target API level 3 (and that only represents 1.1% of the user phones right now).
READ_PHONE_STATE, net radio, and COPPA (Score:2)
I scanned down the list of things in TelephonyManager [android.com] that require READ_PHONE_STATE.
Say a program needs to stop playing music if the phone starts ringing. In Android, background processes such as Internet radio applications run as services. So how is a service created by a program without READ_PHONE_STATE notified that the phone is ringing so that the service can stop playing the stream? Or does Android automatically stop all other audio sources once the phone starts ringing?
Say a program needs to make
Re: (Score:2)
Dancing Pigs [wikipedia.org].
I can say that "Unauthorized Sources" can be enabled quite easily - perhaps you go use Amazon's App Store. That's not a protectio
+100 - Install Permission Dog if you use untrusted (Score:2)
This is why all Android users who install apps from "untrusted sources" should install Permission Dog. What Permission Dog does is twofold:
a) It does a full audit of all the apps on your phone, so you can easily see a simple breakdown of all of the permissions apps you CURRENTLY HAVE are using. Ones using too many permissions are flagged with warning icons.
b) If you have root, then it allows you to deny individual permissions to apps. So if an app is asking for permission A B and C, you can allow A and C but
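An added example, not code from the thread and not Permission Dog's own code: a small Python audit in the spirit of the excess-permission reasoning in the e-book-reader comment above and of the per-app audit this post describes. It parses `<uses-permission>` entries from an AndroidManifest.xml, subtracts an assumed baseline for a plain e-book reader, and flags the leftovers that cost money or expose data; the baseline, the risk table and the constructed manifest are assumptions, though the permission names are real Android ones matching the list quoted in the thread.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed baseline for a plain e-book reader (the set the thread sketches, not any real app's).
EBOOK_BASELINE = {"android.permission.INTERNET", "android.permission.WRITE_EXTERNAL_STORAGE",
                  "android.permission.WAKE_LOCK"}

# Permissions that cost the user money or expose data, with the reason each one is flagged.
HIGH_RISK = {
    "android.permission.SEND_SMS": "costs money: sends SMS",
    "android.permission.CALL_PHONE": "costs money: places calls",
    "android.permission.READ_SMS": "reads private messages",
    "android.permission.RECEIVE_SMS": "intercepts incoming SMS",
    "android.permission.WRITE_SMS": "edits the message store",
    "android.permission.READ_CONTACTS": "reads contact data",
    "android.permission.WRITE_CONTACTS": "writes contact data",
    "android.permission.READ_LOGS": "reads system log files",
    "android.permission.WRITE_APN_SETTINGS": "rewrites APN/proxy settings for data traffic",
}

def declared_permissions(manifest_xml: str) -> set:
    """Collect every <uses-permission android:name=...> declared in an AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")
            if el.get(ANDROID_NS + "name")}

def audit(manifest_xml: str, baseline: set) -> dict:
    """Report permissions beyond the baseline, and which of those are high-risk."""
    declared = declared_permissions(manifest_xml)
    excess = declared - baseline          # anything the app category does not plausibly need
    flagged = {p: HIGH_RISK[p] for p in sorted(excess) if p in HIGH_RISK}
    return {"declared": sorted(declared), "excess": sorted(excess), "flagged": flagged,
            "verdict": "SUSPICIOUS" if flagged else "ok"}

# Constructed manifest mirroring the permission list quoted in the thread for the "e-book reader".
SAMPLE_PERMS = ["INTERNET", "WRITE_EXTERNAL_STORAGE", "WAKE_LOCK", "RECEIVE_SMS", "READ_SMS",
                "WRITE_SMS", "READ_CONTACTS", "WRITE_CONTACTS", "CALL_PHONE", "SEND_SMS",
                "READ_LOGS", "WRITE_APN_SETTINGS"]
SAMPLE_MANIFEST = ('<manifest xmlns:android="http://schemas.android.com/apk/res/android">'
                   + "".join(f'<uses-permission android:name="android.permission.{p}"/>'
                             for p in SAMPLE_PERMS) + "</manifest>")

if __name__ == "__main__":
    report = audit(SAMPLE_MANIFEST, EBOOK_BASELINE)
    print(report["verdict"], f"({len(report['flagged'])} high-risk permissions beyond baseline)")
    for perm, why in report["flagged"].items():
        print(f"  {perm.split('.')[-1]:22} {why}")
```

On a real device the manifest comes from `aapt dump xmltree <apk> AndroidManifest.xml` or an APK decoder; the audit logic is unchanged.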
wrong, just wrong. (Score:2)
and appears to be the first time Android malware implemented this kind of technique to communicate with its server.
Correction, this is the first time those security researchers have found this implementation. This isn't exactly rocket science.
Re: (Score:3)
Ok, so let me get this right. You have to agree to permissions for everything an android app does?
Yes.
Do you just spend your whole life agreeing to stuff on your phone?
[Sarcasm]Yes that's right, because I spend every waking moment installing apps on my phone...[/Sarcasm]
I'll take my iPhone, it works, and it always works thank you.
Ok, so let me get this right. You hand over ALL your trust to the app store, and you don't care what permissions an app gets. Because the iDrones at the app store would never make a mistake and let a bad app through, right? You have an iProduct because you like it simple, and reviewing what an app has permission to do while you're installing it is far too complicated for you?
Re: (Score:2)
Yeah, I was going to say that I didn't think C&C had dedicated servers, but renting fast nodes to online gamers might be a good way of monetising the zombies.