If you have an Android device, watch out. You may be part of a mobile botnet. A Microsoft
researcher is warning that hackers may have hijacked some Android phones to send spam e-mails.
Microsoft researcher Terry Zink pointed to trails of spam being sent by Android devices from Yahoo mail servers. It would not be the first time in recent months that Android was hit with malware issues. But the new revelation marks a new strategy.
"I've written in the past that Android has the most malware compared to other smartphone platforms, but your odds of downloading and installing a malicious Android app is pretty low if you get it from the Android Marketplace," Zink wrote in a blog post. "But if you get it from some guy in a back alley on the Internet, the odds go way up."
Downloading Rogue Apps
Zink has also written that users in the developed world usually have better security practices and fewer malware infections than users in the developing world. Most of the countries to which Zink tracked the Yahoo IP addresses were in the developing world -- Chile, Indonesia, Lebanon, Oman, Philippines, Russia, Saudi Arabia, Thailand, Ukraine and Venezuela.
"I am betting that the users of those phones downloaded some malicious Android app in order to avoid paying for a legitimate version and they got more than they bargained for. Either that or they acquired a rogue Yahoo Mail app," Zink said.
"This ups the ante for spam filters. If people download malicious apps onto their phone that capture keystrokes for their e-mail software, it makes it way easier for spammers to send abusive mail. This is the next evolution in the cat-and-mouse game that is e-mail security."
Neil Roiter, research director at Corero Network Security, said the fact that we are seeing spam from a botnet of hijacked Android phones for the first time highlights the risk of downloading applications from unauthorized sites rather than the official Android market, Google Play, or Amazon's Appstore for Android. PC-based botnets are major cyber crime weapons.
But, he told us, this development raises new concerns about mobile device security and associated cyber attacks.
"Google is making efforts to keep rogue applications from the Android market," Roiter said. "However, it stands to reason that Google cannot protect users who opt to download applications from non-sanctioned sites."
What types of messages are the botnets sending? According to SophosLabs, the malware ads are for medications for weight loss, diabetes, pain, and Viagra. Some of the mail contains images.
Sophos' Chester Wisniewki said it is likely that Android users are downloading Trojanized pirated copies of paid Android applications.
"The widespread nature of source devices is unusual as most Android malware is not downloaded from Google Play, but localized 'off market' download sites," he wrote in the Sophos blog.
"Android users should exercise caution when downloading applications for their devices and definitely avoid downloading pirated programs from unofficial sources. Google, Amazon and others may not be perfect at keeping malware off of their stores, but the risk increases dramatically outside of their ecosystems."