The malware, which usually downloaded via apps taken from third-party sites, sends out spam from users’ Yahoo email accounts, according to security experts.
Spammers have developed malware that is
creating a botnet from Android mobile devices, the latest example of the
explosive growth in attacks on Googles mobile operating system.
According to a Microsoft researcher, the
malware is downloaded onto the smartphone via a rogue app, which then gets into
users Yahoo free email accounts to send out spam. Microsoft engineer Terry
Zink said he found spam samples coming from compromised Yahoo email accounts,
but then noted that they were being sent from Android mobile devices.
Weve all heard the rumors, but this is the
first time I have seen ita spammer has control of a botnet that lives on
Android devices, Zink wrote in a blog
post July 3
. These devices log in to the users Yahoo Mail account and
send spam. ¦ The messages all come from Yahoo Mail servers. They are all
from compromised Yahoo accounts. They are sending all stock spam, the
typical pump and dump variety that weve seen for years.
Looking at the IP addresses stamped in the
headers of the emails, Zink was able to determine that the spam is being sent
from a number of countries: Chile, Indonesia, Lebanon, Oman, the Philippines,
Russia, Saudi Arabia, Thailand, Ukraine and Venezuela.
Zink and other security researchers believe
that users of the compromised Android devices probably downloaded the malware
when they downloaded an app not from the Google Play market, but from some
other place on the Internet in hopes of avoiding having to pay. The countries
that seem to be the source of the spam prove that out, according to the
Ive written in the past that Android has
the most malware compared to other smartphone platforms, but your odds of
downloading and installing a malicious Android app is pretty low if you get it
from the Android Marketplace, Zink wrote. But if you get it from some guy in
a back alley on the Internet, the odds go way up. Ive also written that users
in the developed world usually have better security practices and fewer malware
infections than users in the developing world. Where are almost all of
those countries in the list above? Mostly in the developing world.
I am betting that the users of those phones
downloaded some malicious Android app in order to avoid paying for a legitimate
version and they got more than they bargained for. Either that or they
acquired a rogue Yahoo Mail app.
Chester Wisniewski, a senior security advisor
at Sophos Lab, agreed.
It is likely that Android users are downloading
Trojanized pirated copies of paid Android applications, Wisniewski said in a July
5 blog post
. Android users should exercise caution when downloading
applications for their devices and definitely avoid downloading pirated
programs from unofficial sources. Google, Amazon and others may not be perfect
at keeping malware off of their stores, but the risk increases dramatically
outside of their ecosystems.
Google has worked to reduce the amount of
malware, including developing its Bouncer program, which automatically scans
for malware on apps in the Google Play marketplace.
However, given the open nature of Android and
the large number of devices running the operating system, security experts are
seeing a dramatic rise in the amount of malware that is being written for
Android. In February, Juniper Networks officials reported that mobile malware
more than doubled in 2011, growing by 155 percent across all platforms, which
included Apple's iOS, Research In Motion's BlackBerry and Symbian.
grew by 3,325 percent in the last seven months of 2011,
and Android malware accounted for about 46.7 percent of unique malware samples
that targeted mobile platforms, Juniper Networks found.
"Hackers are incented to target Android,
because there are simply more Android devices as compared to the
competition," Daniel Hoffman, chief mobile security evangelist at Juniper,
at the time.
continued into 2012
, according to security software firm McAfee, which is
owned by Intel. In the first three months of the year, almost 7,000 Android threats
were found, an increase of more than 1,200 percent from the same period in
2011, according to the McAfee report released in May. Most of these threats
come from third-party app stores as opposed to Google Play, McAfee officials