Kaspersky researchers have analyzed the attacks and they've notified Google

Aug 14, 2013 07:50 GMT

Cybercriminals are abusing a “loophole” in Google Cloud Messaging – the service that allows Android developers to send data from their servers to their apps installed on Android devices – to control some nasty Android Trojans.

According to Kaspersky experts (report in Russian), the cybercriminals use Google Cloud Messaging as a command and control (C&C) server for their malware.

Most of these pieces of malware are designed to send SMS messages to premium rate numbers, steal messages and contacts, and display shady advertisements that might lead to other malicious elements.

One example is Trojan-SMS.AndroidOS.OpFake.a, which, according to the IT security firm, has been installed over 1 million times on Android devices, particularly by users from Russia and other Commonwealth of Independent States (CIS) countries.

The threat is capable not only of sending SMS messages to premium rate numbers, but also of stealing messages and contacts, deleting SMSs, and sending out messages with links to malicious applications. The malware is also designed to start and stop its activity automatically, and it can even update itself.

The malicious applications are distributed under the guise of popular applications and games.

Once an Android device is infected, the cybercriminals use the Google service to send out commands to the Trojans and record their activities. Because GCM is used, experts warn that it’s impossible to block access to the C&C directly from the infected smartphone.

Kaspersky says the only way to block these attacks is for Google to terminate the developer accounts utilized by the cybercriminals. The company has notified the search engine giant and provided it with the GCM developer IDs utilized in the malware attacks.

Kaspersky identifies over 12,000 new samples of mobile malware each month. 97% of these threats target the Android platform.