14 DAY TRIAL // The folks at Trend Micro have just announced they discovered a new malware that targets the Android mobile platform and can easily avoid detection after it is installed on a device.
The Android malware is called ANDROIDS_ANSERVER.A, and is delivered as an e-book reader application that can be downloaded and installed from a Chinese third-party app store.
However, Android tinkerers and those familiar with Google's operating system are likely to guess that this is a malware just by checking out the app's long list of permissions.
It appears that upon installation the application will ask users for the following permissions:
- Messages (edit SMS or MMS, read SMS or MMS, receive SMS); - Network communication (full Internet access); - Personal information (read contact data, write contact data); - Storage (modify/delete SD card contents); - Services that cost money (directly call phone numbers, send SMS messages), - Phone calls (read phone state and identity); - System tools (prevent phone from sleeping, read system log files, write Access Point Name settings).
According to Trend Micro, the malware uses two command and control (C&C) servers. Apparently one of these servers is a blog site with encrypted content that contains backup C&C server URLs.
In addition, several files containing various versions of one file have been discovered, which suggests that the malware is a work in progress.
Further analysis revealed that no less than 18 binaries have been uploaded on the aforementioned blog site between July 23 and September 26.
The latest file uploaded has the ability to “display notifications that attempt to trick users into approving the download of an update,” the guys over at Trend Micro claim.
Furthermore, Trend Micro also warns Android users that the malware also has the capability to disable several security-related applications: com.qihoo360.mobilesafe, com.tencent.qqpimsecure, com.ijinshan.mguard and com.lbe.security.