Network security firm Cloudmark has warned Android phone users of a new spam-forwarding botnet that is currently making the rounds, known as SpamSoldier. The malicious mobile application is contracted by downloading counterfeit versions of Android games that are stored on a Hong Kong server instead of the main Google Play store.
The copied games are accessed via a text message promising free versions of well-known titles such as The Need for Speed Most Wanted and Angry Birds Star Wars - the message reading:
Download Grand Theft Auto 3 & Need for Speed Most Wanted for Android phones for free at http://[redacted].mobi for next 24hrs only!
If the app is installed the icon vanishes from the home screen then contacts a remote server to receive a list of target numbers so that it can begin dispensing spam messages via the infected phone.
“You better have an unlimited message plan or your phone bill may come as a bit of a shock,” Cloudmark's report reads.
According to a separate report by mobile antivirus firm Lookout - who recently signed a deal with EE to provide free virus protection for Android in 2013 - SpamSoldier is engineered to hide any trace of “malicious activity” by intercepting incoming text replies and the concealment of outgoing messages, leaving the phone owner ignorant to their role in the cyber-crime.
“Compared with PC botnets this was an unsophisticated attack. However, this sort of attack changes the economics of SMS spam, as the spammer no longer has to pay for the messages that are sent if he can use a botnet to cover his costs,” warned the Cloudmark report.
“Now that we know it can be done, we can expect to see more and more complex attacks that are harder to take down.”
This particular malware strain seems to be confined to the US as Cloudmark made no note of any SpamSoldier incidence in Europe.