Microsoft engineer identifies Android spam botnet

A botnet manipulating Android devices into sending mass amounts of spam has been discovered by a Microsoft anti-spam engineer. The engineer, Terry Zink, identified the botnet by tracing the headers of spam samples signed “Sent from Yahoo! Mail on Android” to different IP addresses located across the Middle East, Asia, Eastern Europe and South America.

All of the spam samples were sent from compromised Yahoo Mail accounts and contained the Message-ID: , suggesting they were sent by a spammer controlling an Android botnet.

"I am betting that the users of those phones downloaded some malicious Android app in order to avoid paying for a legitimate version and they got more than they bargained for," Zink wrote on his MSDN blog. "Either that or they acquired a rogue Yahoo Mail app."

Android malware has been documented to be on the rise. A study carried out by security firm SophosLabs found that Android devices are more vulnerable to attacks, likely because of the easy access to unofficial apps and third-party app marketplaces.

A recent attack targeting Android devices scammed users out of some £28,000 by gaining access to their phones through fake versions of popular games like Angry Birds and Assassin’s Creed. The replica apps contained code that led infected phones to send premium-rate messages, racking up a £5 charge per message.

“There is a wider issue here. There is malware out there which can gain total access to your phone,” said Nitin Lachani, who researches threats for the watchdog PhonepayPlus, at the time.