UPDATED 10:31 EDT / JULY 05 2012

Android Devices Spreading Spam Emails, Malware: Pandemic By Year’s End

Android devices are once again under fire from malware but this time it’s even worse – they’re being hijacked by an illegal botnet to send spam emails.

Microsoft researcher Terry Zink came across spam samples pushing stocks, a typical pump-and-dump variety, but what he found interesting was that they contained this:

Message-ID: <1341147286.19774.androidMobile@web140302.mail.bf1.yahoo.com>

It was accompanied by the line “Sent from Yahoo! Mail on Android” at the bottom of the message.

According to Zink, it was the first time he had encountered an attack in which a spammer controls a botnet that lives on Android devices. A botnet is an illegal network of infected machines, such as laptops and PCs, that sends enormous amounts of spam email.

They were also able to identify where the spam originated because Yahoo stamps the headers with the IP address from which the device connected to its service. The identified locations are: Chile, Indonesia, Lebanon, Oman, Philippines, Russia, Saudi Arabia, Thailand, Ukraine, and Venezuela.
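As an added illustration (not code from Zink, Sophos or the original article), the three header and body markers described above can be pulled out of a raw message for mail triage. The `Received` line shape, the 203.0.113.7 address and the function name are assumptions made for this example; only the Message-ID and the footer text are taken from the article.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Constructed sample: Message-ID and footer are the ones quoted in the article;
# the Received line, sender and 203.0.113.7 (documentation range) are made up.
SAMPLE = """\
Received: from [203.0.113.7] by web140302.mail.bf1.yahoo.com via HTTP; Sun, 01 Jul 2012 05:54:46 PDT
Message-ID: <1341147286.19774.androidMobile@web140302.mail.bf1.yahoo.com>
From: someone@example.com
Subject: constructed sample

Body text of the stock pitch goes here.

Sent from Yahoo! Mail on Android
"""

MSGID_RE = re.compile(r"<\d+\.\d+\.androidMobile@[\w.-]+\.yahoo\.com>")
# Assumed header shape: "from [client-ip] by <host>.yahoo.com via HTTP"
RECEIVED_RE = re.compile(r"from \[([0-9a-fA-F.:]+)\] by [\w.-]+\.yahoo\.com via HTTP")
FOOTER = "Sent from Yahoo! Mail on Android"


def android_yahoo_indicators(raw):
    """Return the article's three markers as triage signals (not proof of infection)."""
    msg = message_from_string(raw)
    msgid = (msg.get("Message-ID") or "").strip()
    # Later samples carried images, so collect text/plain parts of multipart mail too.
    body = "".join(
        part.get_payload()
        for part in msg.walk()
        if not part.is_multipart() and part.get_content_type() == "text/plain"
    )
    client_ip = None
    for hop in msg.get_all("Received", []):
        match = RECEIVED_RE.search(" ".join(hop.split()))  # unfold wrapped headers
        if not match:
            continue
        try:
            client_ip = str(ip_address(match.group(1)))  # reject malformed addresses
        except ValueError:
            continue
        break
    return {
        "android_message_id": bool(MSGID_RE.fullmatch(msgid)),
        "android_footer": body.rstrip().endswith(FOOTER),
        "client_ip": client_ip,
    }
```

The returned address is what a geolocation lookup would be run against to produce a country list like the one above.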

Zink noted that these are developing countries and there’s a possibility that Android users from these countries opted to download from third party Android app stores instead of Google Play, heightening the possibility of downloading fake apps laced with the malware.

As for the spam e-mails being spread by these infected Android devices, SophosLabs identified them as fake ads for herbal viagra or weight loss pills. The first samples they analyzed contained only text, but later samples contained text and images.

Incredible National Rx Store
Now offering medications for Weight Loss, Diabetics, Pain Reduction!!!
Reduced Prescription’s
Viagra+Cialis Super Active, Alprazolam, Vicodin etc…
Pick Up You’re Meds for 75% Off Today
Sent from Yahoo! Mail on Android

The worst part about those that contain images is that some of them have animated graphics, which could easily increase your phone bill because it would take longer to download messages with images, even longer with moving graphics.

The samples Sophos analyzed came from Argentina, Ukraine, Pakistan, Jordan and Russia, and they believe that users unwittingly downloaded a Trojanized, pirated, free copy of a paid app.

“We’ve seen it done experimentally to prove that it’s possible by researchers, but not done by the bad guys,” Sophos security expert Graham Cluley told the BBC, explaining that this kind of attack is nothing new but that they too had never seen it used by malicious people.

“We are seeing a lot of activity from cybercriminals on the Android platform.

“The best thing you can do right now is upgrade your operating system, if that’s possible.

“And before you install apps onto your device, look at the reviews, because there are many bogus apps out there,” added Cluley.

And if news about Android devices spreading spam doesn’t bother you, maybe this will: according to Trend Micro, there will be an Android malware pandemic by year’s end. The antivirus maker stated that it had already found 5,000 malware samples just at the beginning of this year and projected that there will be 38,000 malware samples by the third quarter and close to 130,000 in the fourth quarter. And the driving force behind the attacks? Money, of course.

“The growth in Android malware demonstrates sustained and focussed criminal interest in the mobile platform and particularly in the Android operating system”, said Rik Ferguson, director of security research and communications at Trend Micro. “Criminals have always followed user behaviour and they continue to do so. As we move steadily to the mobile web, mobile devices offer new avenues for criminal revenue generation alongside the continuation of the old. Consumers need to use care when downloading and installing apps and should be considering installing antimalware on their mobile devices.”

Google declined to comment on the matter but they’ve mentioned in the past that they’re doing everything they can to keep Android devices and Google Play free from malicious apps.

