Microsoft researcher Terry Zink came across samples of stock spam, a typical pump-and-dump variety, but what he found interesting was that they contained this:
Accompanied by "Sent from Yahoo! Mail on Android" at the bottom of the message.
According to Zink, it was the first time he had encountered an attack in which a spammer controls a botnet that lives on Android devices. A botnet is an illegal network of infected machines, such as laptops and PCs, that sends enormous amounts of spam email.
They were also able to identify where the spam originated, because Yahoo stamps into the message headers the IP address from which the device connected to its service. The identified locations are: Chile, Indonesia, Lebanon, Oman, Philippines, Russia, Saudi Arabia, Thailand, Ukraine, and Venezuela.
Zink noted that these are developing countries, and that Android users there may have opted to download from third-party Android app stores instead of Google Play, heightening the possibility of downloading fake apps laced with the malware.
As for the spam e-mails being spread by these infected Android devices, SophosLabs identified them as fake ads for herbal Viagra or weight loss pills. The first samples they analyzed contained only text, but later samples contained text and images.
Incredible National Rx Store
Now offering medications for Weight Loss, Diabetics, Pain Reduction!!!
Viagra+Cialis Super Active, Alprazolam, Vicodin etc…
Pick Up You’re Meds for 75% Off Today
Sent from Yahoo! Mail on Android
The worst part about those that contain images is that some of them have animated graphics, which could easily increase your phone bill because it would take longer to download messages with images, even longer with moving graphics.
The samples Sophos analyzed came from Argentina, Ukraine, Pakistan, Jordan and Russia, and they believe that users unwittingly downloaded a Trojanized, pirated, free copy of a paid app.
“We’ve seen it done experimentally to prove that it’s possible by researchers, but not done by the bad guys,” Sophos security expert Graham Cluley told the BBC, explaining that this kind of attack is nothing new but that they too have never seen it used by malicious people.
“We are seeing a lot of activity from cybercriminals on the Android platform.
“The best thing you can do right now is upgrade your operating system, if that’s possible.
“And before you install apps onto your device, look at the reviews, because there are many bogus apps out there,” added Cluley.
And if news about Android devices spreading spam doesn’t bother you, maybe this will: according to Trend Micro, by year’s end there will be an Android malware pandemic. The antivirus maker stated that it had already found 5,000 malware samples just at the beginning of this year, and projected that by the third quarter there will be 38,000 malware samples, and close to 130,000 in the fourth quarter. And the driving force behind the attacks? Money, of course.
“The growth in Android malware demonstrates sustained and focussed criminal interest in the mobile platform and particularly in the Android operating system”, said Rik Ferguson, director of security research and communications at Trend Micro. “Criminals have always followed user behaviour and they continue to do so. As we move steadily to the mobile web, mobile devices offer new avenues for criminal revenue generation alongside the continuation of the old. Consumers need to use care when downloading and installing apps and should be considering installing antimalware on their mobile devices.”
Google declined to comment on the matter but they’ve mentioned in the past that they’re doing everything they can to keep Android devices and Google Play free from malicious apps.