Researchers from Trend Micro have spotted a piece of malicious software for Android that receives instructions from an encrypted blog, a new method of communication for mobile malware, according to the company.
The malware, which can steal information from an Android phone and send it to a remote server, purports to be an e-book application. It has been found on a third-party Chinese language application store.
Trend Micro calls the malware “ANDROIDOS_ANSERVER.A.” If the application is installed, it asks for a variety of permissions. If those are granted, it can then make calls, read log files, write and receive SMSes and access the Internet and network settings, among other functions.
The malware uses the blog to figure out which command-and-control servers it should check in to. The command-and-control server then feeds the malware an XML file, which contains a URL where the malware can update itself. It can also connect with the blog to check for new updates. Trend Micro found that 18 variants of the malware have been posted to the blog between July 23 to Sept. 26.
“This is a blog site with encrypted content, which based on our research, is the first time Android malware implemented this kind of technique to communicate,” wrote Karl Dominguez, a Trend Micro threat response engineer, on a company blog.
Some of the newer versions of the malware on the blog “had the capability to display notifications that attempt to trick users into approving the download of an update,” Dominguez wrote.
Security experts generally recommend that users should be cautious when downloading Android applications from third-party application stores due to the number of rogue applications that have been found. Users should also keep an eye on what permissions an application asks for and only allow the fewest permissions lest the application has nefarious functions.