For some time now we have been predicting that the next evolution in smartphone malware will be for this type of malware to move closer to parity with traditional desktop malware. This has now been confirmed by Trend Micro who have found a varient of Malware – ANDROIDOS_ANDROIDSERVERBOT.A apparently originating from China that masquerades as an e-book reader app. Once on an infected device this malware uses an internet Blog site as its Command and Control server, joining infected devices into an army of zombie smartphones:
“From our analysis, we found that this malware has two hardcoded C&C servers to which it connects in order to receive commands and to deliver payloads. The first server is just like the usual remote site to which the malware posts information to and gets commands from. The second C&C server, however, caught our attention more. This is a blog site with encrypted content, which based on our research, is the first time Android malware implemented this kind of technique to communicate.”
In an additional element of parity, this Malware also has the capability to disable on device security software, terminating the following chinese security apps:
com.qihoo360.mobilesafe
com.tencent.qqpimsecure
com.ijinshan.mguard
com.lbe.security
Smartphones are full computing platforms. This latest threat evolution was entirely predictable yet in my view very little is being done at the consumer end or even at the telco end to protect against the impact this sort of infection could represent.
Just imagine an army of millions of infected phones all calling premium rate numbers or sending out spam emails….
Marc's Security Ramblings 