Cybercrooks using Google Cloud Messaging to target Android

Cybercriminals have started targeting Android devices using the Google Cloud Messaging (GCM) service, according to research from Kaspersky Lab.

The GCM service allows Android-based app developers to communicate with their programs installed on users’ devices, sending information ranging from notifications to application commands.

But cybercriminals have discovered that they can use GCM in place of command and control servers to manage infected Android devices. They can access GCM simply by registering developer accounts with Google.

Kaspersky Lab has detected samples of a piece of malware that uses GCM. Trojan-SMS.AndroidOS.OpFake.a can send SMS to premium numbers without users’ knowledge, steal messages and contacts, delete incoming messages and create shortcuts to malicious sites.

Due to the capabilities of GCM, Kaspersky Lab senior malware analyst Roman Unuchek said the surprise would be if malware writers were not making use of the service.

“The only way to block these channels of communication between the virus writers and their malware is to block the accounts of those developers whose IDs are used when registering malicious programs,” he said.

Kapersky Lab ANZ technical manager Sam Bryce-Johnson added that local consumers and businesses will face more Android threats as the platform increases its dominance in the Australian smartphone market.