Mobile botnets are on the rise and one of the areas attackers are using the Google Cloud Messaging service as a stepping off point to send data from command-and-control servers to malware, researchers said.

The third quarter was “undoubtedly the quarter of mobile botnets,” as cybercriminals tried to improve the ways they manage their networks of infected Android devices, said Kaspersky Lab in its IT Threat Evolution report.

Researchers Debate Shrinking Botnet
Automated Hacking Tools Visit Login Pages
Malware Targets SAP Users
Chrome Search Leads to Malware

The latest weapon in criminals’ arsenal is Google Cloud Messaging, which enables them to send short messages in the JSON format to instruct malware on Android devices. JSON, or JavaScript Object Notation, is an open standard format that uses human-readable text to transmit data from a server to Web applications.

Google Cloud Messaging can communicate with the most widespread SMS Trojans, Kaspersky said in the report. SMS Trojans are a common form of mobile malware that sends text messages to premium-rate phone services. The charges, not easily recovered, show up later on the victim’s wireless phone bill.

Schneider Bold

“The only way of preventing this channel from being used by malware writers to communicate to their malware is to block the (Google Cloud Messaging) accounts of developers who use them to spread malware,” Kaspersky said.

Very few malicious programs use Google Cloud Messaging, but those that can are growing in popularity, the security vendor said.

SMS Trojans, the most common type of mobile malware, are mostly in Russia and other regions where Android users regularly download software from third-party app stores. Malware is much less likely to hide in Google Play, the official Android store.

Infection hurdles include bypassing defenses Google builds into the operating system and the lack of effective mechanisms for mass distribution. Criminals are turning to botnets to clear the latter, and Kaspersky in mid-July recorded what the vendor said were the first third-party botnets.

Click here to view the Kaspersky Lab IT Threat Evolution report.


Pin It on Pinterest

Share This