Kaspersky Lab has announced detection of several popular malicious programs which use Google Cloud Messaging (GCM) as a cheap and easy communication channel with the crooks which created them. GCM allows application developers to communicate with programs installed on the users’ smartphones and tablets.
Kaspersky Lab specialists have detected several samples of dangerous malware targeting Android owners which use GCM to receive commands from the fraudsters. For example, Trojan-SMS.AndroidOS.FakeInst.a can send text messages to premium numbers and delete incoming messages, or create shortcuts to malicious sites and show notifications containing adverts of other malicious programs that are distributed in the guise of useful applications or games. Trojan-SMS.AndroidOS.OpFake.a, in addition to sending text messages to premium numbers, can steal messages and contacts, delete incoming messages and commit a host of other crimes.
Roman Unuchek, Senior Malware Analyst, Kaspersky Lab, said, It would be strange if virus writers were not taking advantage of the opportunities offered by this service. At present, there is not much mobile malware using GCM, but some of the programs are already quite popular. The only way to block these channels of communication between the virus writers and their malware is to block the accounts of those developers whose IDs are used when registering malicious programs. We have informed Google about the detected GCM-ID which are used in malware.
However, GCM has its attractions for cybercriminals who have started to use it to replace Command and Control servers. This makes it quicker and cheaper to manage infected Android devices, simply by registering on the Google service.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.