Cybercriminals are controlling malware on Android devices through a Google service that enables developers to send messages to their applications, according to security researchers from antivirus vendor Kaspersky Lab. Google Cloud Messaging (GCM) for Android allows developers to send and receive different types of messages to and from applications installed on Android devices. The GCM message data can include links, text advertisements, or commands, said Roman Unuchek, a senior malware analyst at Kaspersky Lab, Wednesday in a blog post. Researchers from the antivirus company have already identified multiple Android malware threats that use GCM as a primary or secondary command-and-control channel. One problem with GCM is that neither users nor mobile antivirus programs can block malicious messages received through it because they are delivered by the OS itself, Unuchek said via email. The only way to block this channel of communication between virus writers and their malware is to block the developer accounts whose IDs are being used to register malicious programs with GCM, he said.
There isna€™t currently a large number of malware programs that use GCM, but those that do exist are widespread in some parts of western Europe, the Commonwealth of Independent States (CIS) and Asia, Unuchek said. GCM seems to be a very cheap and easy instrument for cybercriminals to use, so ita€™s likely the service could be abused to a greater extent in the future unless the bar for cybercriminals is not raised higher through countermeasures, the researcher said. In addition to disabling developer IDs that are found to abuse the GCM service, it might also be a solution to actively analyze GCM messages for malicious content in a way similar to how intrusion detection systems analyze network traffic, Unuchek said. Google did not immediately respond to an inquiry asking for information about the methods it uses to prevent malware writers from abusing the GCM service. PCWorld helps you navigate the PC ecosystem to find the products you want and the advice you need to get the job done.
Android malware exploits the Google Cloud Messaging Service (GCM) as Command and Control server. The JSON format is commonly used by developers to structure their data within a container, it is very versatile and commonly used by many applications. The authors of the malware in every case took advantage of Google Cloud Messaging Service  to exchange messages between C&C services and the malicious app. The number of malware that exploit the Google Cloud Messaging Service is destined to increase despite it is still relatively low, the data on their diffusion demonstrated it. Actually the only option for security experts is to block developer accounts with IDs linked to the registration of malicious applications. Pierluigi Paganini is Chief Information Security Officer at Bit4Id, firm leader in identity management, member of the ENISA (European Union Agency for Network and Information Security)Treat Landscape Stakeholder Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London.


Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Pierluigi Paganini is Chief Information Security Officer at Bit4Id, firm leader in identity management, member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
This tutorial explains about that how to receive push notifications in android using GCM (Client side).
Thanks to the popularity of self-destructing photo and video app, Snapchat, many have joined the ephemerality band wagon and we expect this trend to grow.
While security remains a primary concern, the nature of ephemeral apps has made it a popular among younger users. With the Apple Watch set to release in 2015, this is definitely going to be one of the most watched trends for the upcoming year. Perhaps the toast of all these devices was the Moto 360, which managed to woo tech fans and watch enthusiasts alike. According to a report from Canalys research firm, Q3 of 2014 saw, nearly 5 million smart and basic wearable bands shipped in Q3 2014, with total unit shipments increasing 37 percent quarter on quarter as Android Wear made its mark for the first time. This year we saw talk of 3D printers being used to potentially create personalised makeup and how legs from a 3D printer helped one dog called Derby run for the first time.
Currently what is holding back 3D printing is the high prices, but the report by Canalys adds that the consumer market is growing fastest, as 3D printer prices have continued to fall and the technology has rapidly improved. According to Canalys Research Analyst Joe Kempton, “These results are extremely encouraging for the future of the 3D printing industry.
Google also showcased Android Auto and recent reports indicate that the next version of Android will be such that it can be directly built into cars.
It won’t be surprising to see more on the car and home front from these two companies in 2014. From Google to Microsoft (which saw its profits rise thanks to cloud computing), to HP, every major tech company is investing in this and the segment will continue to grow in the coming year.
Yu Yureka Review: Micromax delivers a good, affordable 4G-enabled phablet; Should Xiaomi worry? A developer can, for example, send messages that contain up to 4KB of structured data from a server the developer owns through a Google-run GCM server to all user installations of the developera€™s GCM-enabled apps.
FakeInst.a was detected in over 130 countries, but it primarily targets users in Russia, Ukraine, Kazakhstan, and Uzbekistan, he said. This malware program is usually disguised as a porn app, but like FakeInst.a, its purpose is to send premium-rate text messages and display ads in the Android notification area.


The Google service allows Android app developers to send messages using JSON format to installed apps, but hackers exploited it for malicious purposes. Once gained a Google Cloud Messaging Service (GCM) ID, malware updates are distributed exploiting directly the Google cloud services and also any command to the malicious agent is sent exploiting the service and using JSON format. This last malware is also able to steal sensitive information from the victim’s handset such as  contacts and it is also able to self-update its code, the agent appeared very active and was detected in 97 different countries, the majority in Russia and eastern countries.
These malware are prevalent in Western Europe, the CIS, and Asia, virus writers know very well that execution of commands received from GCM is performed by the Google Cloud Messaging Service system and it is impossible to block them directly on an infected device. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Enable the toggle Google Cloud Messaging for Android in services and accept the terms in the Terms of service page. On being turned down, the social-networking giant introduced a similar service called Slingshot. In the future, we may see the feature built into existing messaging services rather than just standalone apps. From Sony Smartwatch 3, to Samsung Gear S (which is the only one with a dedicated SIM slot) to the LG G Watch to Pebble Steel, these wearables made their presence felt in the market.
Motorola Mobility’s Moto 360 was by far the most successful of the initial Android Wear devices, accounting for over 15% of the smart band, said the research firm, which expects the shipments for smartwatches and bands to exceed 43.2 million in 2015.
Q3 of 2014 saw around 33000 such printers getting shipped which is a 4% increase, report Canalys. During the course of the year, Google also showed off driverless cars to the world in 2014 and has set out a 2017 time-frame for these to hit the streets, although that could be a bit unrealistic.
The applications dona€™t even have to be running on user devices as the received messages will be broadcast by the Android OS and the targeted apps will be woken up.
The Google Cloud Messaging Service (GCM) acts as Command and Control server for the Trojans, what is very smart in this implementation is that malware updates appear to the user to be official updates via Google.
The firm says that Apple will be the biggest driver behind wearable band shipments in 2015.
Essentially cloud computing allows you to store data online and access it whenever you need it.



Free online storage websites 90s
Free cloud hr software


Comments

  1. 03.05.2014 at 17:31:13


    Vendors have learned some very valuable.

    Author: Koshka
  2. 03.05.2014 at 23:50:10


    Need additional storage space from ProjectWizards Cloud.

    Author: ANAR
  3. 03.05.2014 at 11:46:33


    In the past two years, Rackspace has shifted its focus device and it will instantly.

    Author: kiss_kiss_kiss