09 Jul 2012

Android Smartphones in Illegal Botnet, Researchers Say


Android Smartphones have been dragged into an illegal botnet that sends out masses of unwanted emails, according to Microsoft researcher Terry Zink. He believes he has found evidence of “the typical pump and dump variety” of spam sent from Yahoo mail servers by Android devices.

“We’ve all heard the rumors, but this is the first time I have seen it – a spammer has control of a botnet that lives on Android devices,” said Terry Zink. “These devices login to the user’s Yahoo Mail account and send spam.”

Zink has tracked the origin of the spam emails to “developing world” countries such as Chile, Indonesia, Lebanon, Oman, Philippines, Russia, Saudi Arabia, Thailand, Ukraine, and Venezuela.

“I am betting that the users of those phones downloaded some malicious Android app in order to avoid paying for a legitimate version and they got more than they bargained for,” the researcher said.  “Either that or they acquired a rogue Yahoo Mail app. If people download malicious apps onto their phone that capture keystrokes for their email software, it makes it way easier for spammers to send abusive mail.”

Security experts recommend users have their mobile security solution updated and pay extra attention to what applications they install.