Android malware utilising Google Cloud Messaging service

Kaspersky Lab claims it has found Android malware making use of an Android app messaging service.

Once you have a piece of malware sitting in the Google Play store, it would be remiss not to use the services available in the Android ecosystem to aid your nefarious activities.

Kaspersky Lab researchers said today that they have found a piece of malware that is using Google Cloud Messaging (GCM) as a replacement for command and control servers and services.

"This makes it quicker and cheaper to manage infected Android devices, simply by registering on the Google service," Kaspersky said in a statement.

The company has found a number of malware samples that use GCM, with one, dubbed Trojan-SMS.AndroidOS.OpFake.a being able to send text messages, steal messages and contacts, create shortcuts to sites, and show notifications that advertise other pieces of malware.

"It would be strange if virus writers were not taking advantage of the opportunities offered by this service," said Roman Unuchek, senior malware analyst at Kaspersky Lab.

"The only way to block these channels of communication between the virus writers and their malware is to block the accounts of those developers whose IDs are used when registering malicious programs. We have informed Google about the detected GCM-ID, which are used in malware."

Kaspersky Lab admits that while the number of malware apps using GCM is low, some are widespread in Asia, Western Europe, and former Soviet bloc countries.

While Android is dominating the number of handsets sold across the world, it also claims the highest number of malware apps available.

Two recent reports have said that malware rates on Android are increasing . In one study, the headline number was a six-fold increase from March to June this year.

Show Comments