Mr Terry Zink has revealed on his MSDN cyber security blog that there is a spammer in control of a botnet harboured upon Android devices. The perpetrator of this newly discovered Android botnet malware has found a way to employ affected users' Yahoo mobile mail accounts to do his mass email advertising of Viagra, penny stocks and eCards.
A lot of Android malware that tries to make money from the victim is based upon sending SMS messages to premium-rate numbers and taking money from those profits. This malware is different, as it just uses the user's Yahoo mail client to send common-or-garden email spam from their compromised accounts. Making money from email spam requires a lot of email to be sent out, as most people filter a large percentage of it straight to trash.
Developing countries connection
Mr Zink has traced the origin of a large percentage of this new Android Yahoo Mail app spam to developing countries. The headers and signature of the spam emails contain information pinpointing the originating IP address. The vast majority of botnet-generated emails he found were from Chile, Indonesia, Lebanon, Oman, Philippines, Russia, Saudi Arabia, Thailand, Ukraine, and Venezuela. Similarly, Sophos today investigated some of this Android Yahoo mail spam and found that its samples originated from Argentina, Ukraine, Pakistan, Jordan and Russia.
Microsoft's Terry Zink says that users in the developing world are more likely to download mobile apps from “some guy in a back alley on the Internet” in order to save spending money on paid-for apps through the Google Play Store. “I am betting that the users of those phones downloaded some malicious Android app in order to avoid paying for a legitimate version and they got more than they bargained for. Either that or they acquired a rogue Yahoo Mail app.”
As usual the message is “be careful out there”, and be especially careful with “off market” apps. If you have any suspicions about your Android device, try one of the various mobile security apps from Google Play to check it; many are free (don't download one from PirateBay, haha).