Android malware using Google’s Cloud Messaging service

Android Malware via Google Cloud Messaging

Researchers at internet security firm Kaspersky Lab have discovered a piece of malware that uses Google Cloud Messaging as a replacement for command-and-control servers.

According to Kaspersky Lab, this makes it even easier and quicker for cybercriminals to infect Android devices, by simply registering on the Google service.

Google Cloud Messaging is a service designed to allow app developers to send data from their servers to users of Android devices. Information that can be sent via this service includes notifications and commands for the app itself.

The malware, called Trojan-SMS.AndroidOS.OpFake.a, is able to get devices to send text messages to premium rate numbers, as well as to access personal data on the handset, allowing hackers to steal messages and copy contact details.

The malware can also link the handset to mobile sites that host malicious code, and deliver notifications and adverts for other infected apps, which are spoof versions of real apps.

“It would be strange if virus writers were not taking advantage of the opportunities offered by this service,” said Roman Unuchek, Senior Malware Analyst at Kaspersky Lab. “The only way to block these channels of communication between the virus writers and their malware is to block the accounts of those developers whose IDs are used when registering malicious programs. We have informed Google about the detected GCM-IDs, which are used in malware.”

Currently, the number of malware apps using GCM is still rather low; however, Kaspersky noted that some are widespread in Asia, Western Europe and former Soviet bloc countries.

Naturally, one of the ways to protect your device from this threat, amongst others, is to use Kaspersky's security software on your handset. To be fair, their software is pretty good, and there are a few others to choose from too. The main point is to make sure you have a decent, up-to-date security package installed on your device.

Source: SecureList.com