Microsoft researcher Terry Zink is claiming that an undisclosed number of Android smartphones have been hijacked by an illegal botnet. A botnet has historically been a problem for PCs and, at its core, is an illegal network of infected and controlled computers that are used to send out spam emails or infect other computers with malware. Zink said he realized the issue when he noticed spam e-mails with the signature “Sent from Yahoo! Mail on Android.”
This isn’t Android’s first brush with malicious software, as Google’s mobile platform has had recent issues with malware-infected applications appearing on its Google Play Store. However, the use of botnets on smartphones could become the latest weapon in cybercriminals’ arsenal.
“ We’ve all heard the rumors, but this is the first time I have seen it – a spammer has control of a botnet that lives on Android devices,” Zink stated in a blog post. “I’ve written in the past that Android has the most malware compared to other smartphone platforms, but your odds of downloading and installing a malicious Android app is pretty low if you get it from the Android Marketplace. But if you get it from some guy in a back alley on the Internet, the odds go way up… I am betting that the users of those phones downloaded some malicious Android app in order to avoid paying for a legitimate version and they got more than they bargained for. Either that or they acquired a rogue Yahoo Mail app.”
An analysis of the list of IP addresses used to send the spam revealed that the emails originated from Android devices being used in Chile, Indonesia, Lebanon, Oman, Philippines, Russia, Saudi Arabia, Thailand, Ukraine, and Venezuela.
Graham Cluley, an employee of anti-virus maker Sophos, said it appears likely that the attacks probably came from Android devices, but his firm wasn’t able to prove that was the case. “We’ve seen it done experimentally to prove that it’s possible by researchers, but not done by the bad guys,” he told BBC. Graham also stated that his company is “seeing a lot of cybercriminal activity on the Android platform.” He suggests that consumers update their device’s software if possible and suggested Android users check reviews before installing an application.
“We are committed to providing a secure experience for consumers in Google Play, and in fact our data shows between the first and second halves of 2011, we saw a 40% decrease in the number of potentially malicious downloads from Google Play,” a Google spokesperson told BBC.
Google also advised that it has introduced a new service that automatically scans its Google Play store for malicious apps without disturbing developers or users. We still recommend looking into trusted mobile security software such as Lookout Security & Antivirus, NQ Mobile or Antivirus Pro from AVG. You’re also much safer downloading all of your applications directly from Google Play.