GCM is a service that allows application developers to send data from their server to their users’ Android-powered device and receive messages from devices on the same connection, as well as enabling them to communicate with programs installed on a users’ smartphone or tablet.
However, Kaspersky Lab has detected several popular malicious programs that use GCM as a cheap and easy communication channel with the crooks that created them.
While the service was created to make it easier for Android-based app developers to support programs downloaded and installed on users’ device, cybercriminals have started to use the technology to replace command and control servers, which enables criminals to manage infected Android devices, simply by registering on the Google service.
Roman Unuchek, senior malware analyst at Kaspersky Lab, is not surprised by the appearance of malicious programs that use the Google technology.
“It would be strange if virus writers were not taking advantage of the opportunities offered by this service. At present, there is not much mobile malware using GCM, but some of the programs are already quite popular. They are widespread in some parts of Western Europe, the Commonwealth of Independent States and Asia,” says Unuchek.
“The only way to block these channels of communication between the virus writers and their malware is to block the accounts of developer IDs that are used when registering malicious programs. We have informed Google about the detected GCM-IDs which are used in malware,” he adds.
Thursday, September 5- 2013 @ 12:28 UAE local time (GMT+4) Replication or redistribution in whole or in part is expressly prohibited without the prior written consent of Mediaquest FZ LLC.