Android users, beware: Spammers have begun to use Android smartphones to create a global botnet that bombards Web users with bogus emails. The Android botnet was first uncovered by a Microsoft researcher, and has also been confirmed by other cybersecurity experts.
Botnets are mostly illegal networks of computers (usually desktop or laptop PCs) that are controlled by hackers and are regularly used to send out spam. Most often, users do not know that their computers are part of a botnet.
The researcher, Terry Zink, first noticed a slew of “spam samples” that were all coming from “compromised” Yahoo email accounts, he said in a blog post. The messages all contained “stock spam, the typical pump and dump variety that we’ve seen for years.” But after taking a closer look at the Message-ID in the emails, he noticed something interesting: They were all sent from Android devices. To further confirm this, each spam email concluded with the line “Sent from Yahoo! Mail on Android.”
“We’ve all heard the rumors, but this is the first time I have seen it — a spammer has control of a botnet that lives on Android devices,” wrote Zink. “These devices login to the user’s Yahoo Mail account and send spam.”
After looking into the country of origin for the IP addresses associated with the spam emails, Zink discovered that they all originated from parts of the world where wise cybersecurity practices may not be as widespread as they are in the U.S. This includes Chile, Indonesia, Lebanon, Oman, the Philippines, Russia, Saudi Arabia, Thailand, Ukraine, and Venezuela, according to Zink.
As Zink points out, the “odds of downloading and installing a malicious Android app is pretty low if you get it from [Google Play].” So it is most likely that the virus that turns these Android devices into a botnet came as part of apps available from third-party websites, some of which offer bogus, free versions of popular apps.
“I am betting that the users of those phones downloaded some malicious Android app in order to avoid paying for a legitimate version and they got more than they bargained for,” wrote Zink. “Either that or they acquired a rogue Yahoo Mail app.”
Sophos security expert Chester Wisniewski recommends in a blog post about the botnet that Android users “exercise caution when downloading applications for their devices and definitely avoid downloading pirated programs from unofficial sources.”
In a statement made to the BBC, a Google spokesperson said that the company “saw a 40 percent decrease in the number of potentially malicious downloads from Google Play” in both the first and second halves of 2011.
“Last year we also introduced a new service into Google Play that provides automated scanning for potentially malicious software without disrupting the user experience or requiring developers to go through an application approval process,” the spokesperson added.
If you have downloaded apps that you believe may contain malware, your safest bet is to update your device to the newest version of Android available for your handset.