Sophos, Microsoft Warn of Android Spam Botnet

Sophos researchers recently came across Android malware that uses mobile devices to distribute spam.

"Spam messages are being sent from Google Android phones and tablets, all of which have been propagated through Yahoo’s mail service, promoting counterfeit Viagra and other pharmaceuticals. ... The source of the spam botnet seems to be users who downloaded pirated copies of paid Android apps that were infected with trojans, said Chester Wisniewski, a senior security adviser at Sophos Canada," writes PCWorld's Daniel Ionescu.

"Sophos analysed samples of the malware that originated in Argentina, Ukraine, Pakistan, Jordan and Russia," writes The Inquirer's Lee Bell. "It found that texts such as 'Now offering medications for Weight Loss, Diabetics, Pain Reduction!' and 'Viagra+Cialis Super Active, Alprazolam, Vicodin etc...Pick up you're meds for 75 per cent off today' were being used in the ads."

Microsoft engineer Terry Zink separately uncovered the same botnet, writing, "We’ve all heard the rumors, but this is the first time I have seen it -- a spammer has control of a botnet that lives on Android devices. These devices login to the user’s Yahoo Mail account and send spam."

"The immediate consequence for victims could be a higher mobile phone bill," notes PCWorld's Lucian Constantin. "Sending thousands of spam messages can generate a lot of mobile data traffic and mobile data is not cheap in most countries. Android Trojan apps have been used in the past to steal data, send SMS messages to premium-rate numbers or display unwanted advertisements. However, they've never been used to send spam before."

Still, according to InformationWeek's Mathew J. Schwartz, Google insists that Android devices are not the source of the spam. "Reached by email, a Google spokesman disputed Zink's findings," Schwartz writes. "'The evidence does not support the Android botnet claim. Our analysis suggests that spammers are using infected computers and a fake mobile signature to try to bypass anti-spam mechanisms in the email platform they're using,' he said."