Malicious program downloads its instructions from a blog

Experts from a computer security company, Trend Micro, discovered a malicious program that downloads its instructions and updates from an encrypted blog. 

The program is written for devices based on the Google’s operating system, Android OS. This is the first malicious program for mobile devices that uses such form of communication, and Trend Micro called it "ANDROIDOS_ANSERVER.A". After installation, the malicious program asks the user for a variety of permissions, among others for connecting to the internet and accessing private data on the device, and if all granted it sends private information to attackers. The program was first noticed on a third party web page for downloading Android apps, and it was described as an e-book reader application. New versions of the program and addresses of servers it sends victims private information are downloaded from the aforementioned encrypted blog, and this method so far was used only on malicious programs written for personal computers. Experts warn about using applications downloaded from non-official sources, and recommend caution while granting permissions to installed applications. More information can be found at COMUTERWORLD web site.