8.33 PM Thursday, 28 March 2024
  • City Fajr Shuruq Duhr Asr Magrib Isha
  • Dubai 04:57 06:11 12:27 15:53 18:37 19:51
28 March 2024

Google Cloud Messaging – great for Android developers. And criminals…

Published
By Staff

Google Cloud Messaging is a great way for developers to manage legitimate applications – but the service has proved to be an unwitting accomplice to cybercrime, says Kaspersky Lab, the world’s largest privately held vendor of endpoint protection solutions.

Kaspersky Lab says it has detected several popular malicious programs which use Google Cloud Messaging (GCM) as a cheap and easy communication channel with the crooks which created them.

GCM allows application developers to communicate with programs installed on the users’ smartphones and tablet. They can send a range of information, from ordinary notifications to commands for the applications themselves. The service is used for locating stolen phones, remotely configuring phone settings, mailing messages about new game levels or goods, etc.

This service was developed to make it easier for Android-based app developers to support programs downloaded and installed on users’ devices. Thanks to Google Cloud Messaging, the authors of the programs do not need to build their own IT infrastructure to do this.

However, GCM has its attractions for cybercriminals, who have started to use it to replace Command & Control servers. This makes it quicker and cheaper to manage infected Android devices, simply by registering on the Google service.

Kaspersky Lab specialists have detected several samples of dangerous malware targeting Android owners which use GCM to receive commands from the fraudsters. For example, Trojan-SMS.AndroidOS.FakeInst.a can send text messages to premium numbers and delete incoming messages, or create shortcuts to malicious sites and show notifications containing adverts of other malicious programs that are distributed in the guise of useful applications or games.

Trojan-SMS.AndroidOS.OpFake.a, in addition to sending text messages to premium numbers, can steal messages and contacts, delete incoming messages and commit a host of other crimes.

Roman Unuchek, Senior Malware Analyst at Kaspersky Lab, is not surprised by the appearance of malicious programs that use the Google service.

“It would be strange if virus writers were not taking advantage of the opportunities offered by this service. At present, there is not much mobile malware using GCM, but some of the programs are already quite popular,” said Roman Unuchek.

“They are widespread in some parts of Western Europe, the CIS and Asia. The only way to block these channels of communication between the virus writers and their malware is to block the accounts of those developers whose IDs are used when registering malicious programs. We have informed Google about the detected GCM-ID which are used in malware,” Unuchek said.

MUST READ: