Discovered: the First Major Botnet Living on Smartphones

We’ve all grown quite used to the idea of botnets stowing away on PCs out there on the Internet, spamming us from hacked inboxes in unknown places. Now, botnets are going mobile. Microsoft researcher Terry Zink says he’s discovered evidence that an illegal botnet has hijacked smartphones running Google’s Android operating system and used them to send spam from users’ Yahoo email accounts.

Android has suffered from security problems in the past, but those have mostly been confined to Google Play–Google’s online app store–where programs disguised as popular apps (or the pirated free versions of popular apps) infiltrate Android machines when they are voluntarily installed. But in a blog post Zink says that this is the first time he’s seen a spammer create a major botnet that lives on Android devices.

The IP addresses used to send the spam Zink cites in his report came from Android devices residing in Chile, Indonesia, Lebanon, Oman, Philippines, Russia, Saudi Arabia, Thailand, Ukraine, and Venezuela. That could be significant, Zink notes, because data show that users in the developing world tend to practice more lax online security practices than users in the developing world. But it creates problems for all of us.

Writes Zink: “This ups the ante for spam filters.  If people download malicious apps onto their phone that capture keystrokes for their email software, it makes it way easier for spammers to send abusive mail.  This is the next evolution in the cat-and-mouse game that is email security.”