Cybercrooks using Google Cloud Messaging to target Android
Cybercriminals have started targeting Android devices using the Google Cloud Messaging (GCM) service, according to research from Kaspersky Lab.
The GCM service allows Android-based app developers to communicate with their programs installed on users’ devices, sending information ranging from notifications to application commands.
But cybercriminals have discovered that they can use GCM in place of command and control servers to manage infected Android devices. They can access GCM simply by registering developer accounts with Google.
Kaspersky Lab has detected samples of a piece of malware that uses GCM. Trojan-SMS.AndroidOS.OpFake.a can send SMS to premium numbers without users’ knowledge, steal messages and contacts, delete incoming messages and create shortcuts to malicious sites.
Due to the capabilities of GCM, Kaspersky Lab senior malware analyst Roman Unuchek said the surprise would be if malware writers were not making use of the service.
“The only way to block these channels of communication between the virus writers and their malware is to block the accounts of those developers whose IDs are used when registering malicious programs,” he said.
Kapersky Lab ANZ technical manager Sam Bryce-Johnson added that local consumers and businesses will face more Android threats as the platform increases its dominance in the Australian smartphone market.
Scattered Spider: where every click is one step closer to chaos
Cybercriminal group Scattered Spider often uses social engineering to gain access to identities...
The MediSecure breach thrusts the security spotlight back on service providers
Organisations have been confronting security risks in their supply chains for years, but a new...
Managing third-party cybersecurity risks in the supply chain
Third-party cybersecurity breaches occur when the victim's defences are compromised through a...