Thursday, 6 October 2011

Web-controlled Android malware

An Android Trojan is controlled remotely via 'command and control' (C&C) websites.

Back in the days before Windows PC threats downloaded their commands from websites, a friend of mine, Stephen De Vries, predicted that just such a situation would occur.

I think it was only a couple of months later that we started seeing that very behaviour. Many years on, it seems that Android malware writers are adopting the same effective technique.

Karl Dominguez from Trend Micro has written up an article about a trojanised e-book reader that downloads its commands and payloads from two hard-coded web servers.
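The "two hard-coded web servers" detail is the part an analyst can act on: a fixed C&C address has to live somewhere in the APK, usually as a string in classes.dex. As an added example (not code from this post or from Trend Micro's write-up), the script below pulls URLs and IPv4 literals out of the raw bytes of a dex file and flags a sample that talks to several fixed servers or fetches an executable payload. The sample bytes, the ".invalid" host names and the TEST-NET-2 address are constructed for the example, and the allowlist and the "two or more fixed servers" threshold are my own assumptions, not findings from the article.

```python
import re
import zipfile

# Constructed stand-in for the raw bytes of a classes.dex string section.
# Dex files store strings NUL-terminated in MUTF-8, so a bytes regex over the
# whole file recovers them without parsing the format. Hosts use the reserved
# ".invalid" TLD and the address is from TEST-NET-2: none of these are real.
SAMPLE_DEX_BYTES = b"".join([
    b"\x00Lcom/example/reader/BookActivity;\x00",
    b"\x00http://schemas.android.com/apk/res/android\x00",  # benign, allowlisted
    b"\x00http://c2-one.invalid/cmd.php\x00",               # constructed C&C URL
    b"\x00https://c2-two.invalid/payload.apk\x00",          # constructed payload URL
    b"\x00Next page\x00v1.2.3.4\x00",                       # version string, not an IP
    b"\x00999.1.1.1\x00",                                   # octet out of range, not an IP
    b"\x00198.51.100.23\x00",                               # constructed IPv4 literal
])

URL_RE = re.compile(rb"https?://[A-Za-z0-9.\-]+(?::\d{1,5})?(?:/[^\s\x00\"'<>]*)?")
IPV4_RE = re.compile(rb"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Assumed allowlist: hosts that appear in almost every APK and carry no signal.
ALLOWLISTED_HOSTS = {"schemas.android.com", "www.w3.org"}


def _host_of(url: str) -> str:
    """Strip scheme, path and port from a URL, leaving the lower-cased host."""
    return url.split("://", 1)[1].split("/", 1)[0].split(":", 1)[0].lower()


def extract_hardcoded_endpoints(blob: bytes) -> dict:
    """Return non-allowlisted URLs, their hosts and bare IPv4 literals found in blob."""
    urls, hosts, ips = set(), set(), set()
    for m in URL_RE.finditer(blob):
        url = m.group(0).decode("ascii", "replace")
        host = _host_of(url)
        if host in ALLOWLISTED_HOSTS:
            continue
        urls.add(url)
        hosts.add(host)
    for m in IPV4_RE.finditer(blob):
        text = m.group(0).decode("ascii")
        # The regex alone accepts 999.1.1.1; keep only dotted quads with valid octets.
        if all(int(octet) <= 255 for octet in text.split(".")):
            ips.add(text)
    return {"urls": sorted(urls), "hosts": sorted(hosts), "ips": sorted(ips)}


def triage(blob: bytes) -> dict:
    """Flag the pattern from the write-up: commands and payloads pulled from fixed servers."""
    found = extract_hardcoded_endpoints(blob)
    reasons = []
    fixed_servers = set(found["hosts"]) | set(found["ips"])
    if len(fixed_servers) >= 2:  # assumed threshold
        reasons.append(f"{len(fixed_servers)} hard-coded remote servers")
    for url in found["urls"]:
        if url.lower().endswith((".apk", ".jar", ".dex")):
            reasons.append(f"fetches executable payload: {url}")
    return {**found, "suspicious": bool(reasons), "reasons": reasons}


def triage_apk(path: str) -> dict:
    """Run the same scan over every dex file inside a real APK (an APK is a zip)."""
    with zipfile.ZipFile(path) as apk:
        blob = b"".join(apk.read(name) for name in apk.namelist() if name.endswith(".dex"))
    return triage(blob)


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_DEX_BYTES), indent=2))
```

Run it against a real sample with `triage_apk("sample.apk")`. Obfuscated strings (XOR'd or assembled at runtime) will slip past a plain byte scan, so this is a triage step rather than a verdict; it also shows why removing the hard-coding matters to the attacker, since a host that is resolved at runtime leaves nothing fixed in the binary to match and pushes detection out to the network side.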

Until recently, most of the Android malware we've seen has made us feel like we've been time-travelling back to 1999: Trojans that rely completely on social engineering, dialers, and relatively harmless but annoying jokes.

While it took the bad guys less than ten years to evolve their Windows malware to this point, the Android crowd have moved a lot faster. This is most likely because the principles of operation have already been proven to be very successful. And they are probably the same guys...

The next step? Removing the hard-coding. Fast-flux Android botnets, anyone?