experts at Trend Micro have discovered that some Android-based malware is using a blog in China to act as a Command and Control (C&C) server. Writing in its blog
Micro said that the use of the blog was a new trick to receive instructions.
Trend's Karl Dominguez, a Threat Response Engineer said that this was the first time that Android malware implemented this kind of technique to communicate with its server. Disguised as a eBook reader, the application requests nearly total control over the mobile device when installed, including access to the Web, network settings, the ability to edit, read, and receive SMS or MMS messages, read and write to contact lists, disable key locks, make
calls, and more.
"From our analysis, we found that this malware has two hard-coded C&C Servers to which it connects to receive commands and deliver payloads. The first server is just like the usual remote site, where the malware posts and gets information and commands. The second C&C server, however, caught our attention. The second C&C server is a blog site with encrypted content," Dominguez said.
Given that the Chinese government spends more time reading its citizens blogs than it does dealing with corruption, we are surprised no one has noticed.