Using Google Cloud Messaging Service (GCM) as a command-and-control (C&C) server for Android malware is not a new concept: last year, security researcher and hacker Mohit Kumar demonstrated 'Android Malware Engine', one of the most sophisticated Android malware, during the Malcon conference.
1. SMS.AndroidOS.FakeInst.a
2. SMS.AndroidOS.Agent.ao
3. SMS.AndroidOS.OpFake.a
4. Backdoor.AndroidOS.Maxit.a
5. SMS.AndroidOS.Agent.az
Google Cloud Messaging Service (GCM) acts as the command-and-control server for the Trojans, which makes the malware's updates arrive as if they were official updates via Google.
This last malware is also able to steal sensitive information from the victim's handset, such as contacts, and it can self-update its code. The agent appeared very active and was detected in 97 different countries, the majority in Russia and Eastern countries.
The Kaspersky team has blocked more than 60,000 attempted installs. The malware is sent several commands from both GCM and its own C&C servers, such as:
- Sending premium text messages to a specified number
- Sending text messages
- Performing self-updates
- Stealing text messages
- Deleting incoming text messages that meet the criteria set by the C&C
- Theft of contacts
- Replacing the C&C or GCM numbers
- Stopping or restarting its operations
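
As an added example (not from the original article or from Kaspersky), the following static triage check maps the behaviours listed above to entries in a decoded `AndroidManifest.xml`. Both manifests are constructed samples, and the flagging rule (GCM plus SMS sending plus at least one more behaviour) is an assumed heuristic for analyst review, not a verdict.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Behaviour from the command list -> manifest permission it depends on.
BEHAVIOUR_PERMS = {
    "receives GCM push messages": "com.google.android.c2dm.permission.RECEIVE",
    "sends (premium) text messages": "android.permission.SEND_SMS",
    "reads stored text messages": "android.permission.READ_SMS",
    "sees incoming text messages": "android.permission.RECEIVE_SMS",
    "reads contacts": "android.permission.READ_CONTACTS",
}

# Constructed sample manifests (hypothetical packages, not real apps).
SAMPLE_SUSPICIOUS = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.constructed">
  <uses-permission android:name="com.google.android.c2dm.permission.RECEIVE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application><receiver android:name=".SmsRx">
    <intent-filter android:priority="999">
      <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
    </intent-filter>
  </receiver></application>
</manifest>"""

SAMPLE_BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.chat">
  <uses-permission android:name="com.google.android.c2dm.permission.RECEIVE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

def triage_manifest(manifest_xml):
    """Return (behaviours, flagged) for a decoded AndroidManifest.xml string."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    found = [b for b, p in BEHAVIOUR_PERMS.items() if p in perms]
    # Before Android 4.4, a high-priority SMS_RECEIVED receiver could abort
    # the broadcast, so the message never reached the user's inbox.
    for flt in root.iter("intent-filter"):
        actions = {a.get(ANDROID + "name") for a in flt.iter("action")}
        prio = int(flt.get(ANDROID + "priority", "0"), 0)
        if "android.provider.Telephony.SMS_RECEIVED" in actions and prio >= 999:
            found.append("can intercept incoming text messages")
    # Assumed heuristic: push channel + SMS sending + one more behaviour.
    core = {"receives GCM push messages", "sends (premium) text messages"}
    return found, core <= set(found) and len(found) >= 3

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_SUSPICIOUS))
```

GCM permission on its own is common in legitimate apps, which is why the benign sample is not flagged; the combination with SMS and contact access is what merits a closer look.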