Malware that spreads on Android mobile phones and takes control of e-mail accounts to create a ‘botnet’ and send out spam has been detected. Terry Zink, a Microsoft security engineer, revealed that the malware has infected the phones of users who access Yahoo! e-mail accounts and sends out spam messages. “We've all heard the rumors, but this is the first time I have seen it — a spammer has control of a botnet that lives on Android devices,” Zink said in an official Microsoft blog post. The infected devices log into the user’s Yahoo! Mail account and then send spam. The infected phones appear to be located in Chile, Indonesia, Lebanon, Oman, Philippines, Russia, Saudi Arabia, Thailand, Ukraine, and Venezuela.
“I’ve written in the past that Android has the most malware compared to other smartphone platforms, but your odds of downloading and installing a malicious Android app are pretty low if you get it from the Android Marketplace. But if you get it from some guy in a back alley on the Internet, the odds go way up,” he said. Pointing to the countries with infected Android devices, he said that users in the developed world usually have better security practices and fewer malware infections than users in the developing world.
All of the spam sent contains this header, “Message-ID: 1341147286.19774.androidMobile@web140302.mail.bf1.yahoo.com”, and has the following at the bottom of the message: “Sent from Yahoo! Mail on Android.”
“I am betting that the users of those phones downloaded some malicious Android app in order to avoid paying for a legitimate version and they got more than they bargained for. Either that or they acquired a rogue Yahoo Mail app. This ups the ante for spam filters. If people download malicious apps onto their phone that capture keystrokes for their email software, it makes it way easier for spammers to send abusive mail. This is the next evolution in the cat-and-mouse game that is email security,” he added.
Earlier, a report had revealed that malware targeting Android users has quadrupled since 2011. It said that about 10 Android malware families came to the forefront in 2011, while the number increased to 37 families in the first quarter of 2012. This shows a staggering year-over-year growth of 270 percent. A comparison between the number of malicious Android application package files (APKs) received in Q1 2011 and in Q1 2012 reveals an even more staggering finding: an increase from 139 to 3063. This growth has been attributed to malware authors crafting their infected or trojanized applications to defeat anti-virus signature detection, distributing their malware under different application names, and trojanizing widely popular applications. The report also pointed out that 34 malware families have been targeting financial data and have been designed to steal money.
It is also believed that a majority of the malware discovered in Android markets is SMS-sending malware that reaps profits from sending messages to premium numbers. Most of this malware is found in third-party market stores, but sometimes it does manage to wriggle its way into the official Android Marketplace, which is now the Google Play store.
Publish date: July 6, 2012 1:08 pm | Modified date: December 18, 2013 10:41 pm