New Android Trojan Reads Blogs to Update Itself
A new Trojan is making waves not just for the harm it can cause Android smartphones, but for how it goes about wreaking that havoc.
Like other Trojans targeting Google's smartphone platform, the Trojan identified by the security firm Trend Micro as "ANDROIDOS_ANSERVER.A" is capable of accessing stored info on users' devices as well as making calls, restarting apps and sending and receiving text messages. And like similar malware, the Trojan hides itself in an app; ANDROIDOS_ANSERVER.A was found embedded in an e-book reader app available for download in a third-party Chinese Android app store.
However, this Trojan is different: It puts another stick in the spokes of smartphone security by receiving its evil instructions and attack codes from a blog.
The Trojan gathers information from the infected device, Trend Micro explained, and then uses the blog to figure out which command-and-control server to connect to. The Trojan then receives an XML file from the malicious server, which includes a URL where the Trojan can update itself to stay ahead of software designed to detect and eliminate it.
"This is a blog site with encrypted content, which, based on our research, is the first time Android malware implemented this kind of technique to communicate," Trend Micro's Karl Dominguez wrote on a company blog.
Trend Micro found 18 variations of the Trojan posted to the blog from July 23 to Sept. 26. One addition to the Trojan allows it to terminate four security-related apps.
To make sure you don't fall prey to this or any smartphone malware, download only apps from trusted sources, such as the official Android Market or iTunes, and never from third-party websites. And make sure to read an app's user comments to see if it has received negative reviews from consumers or has been flagged as corrupt.