A Microsoft engineer, Terry Zink, recently stated in a blog post that an Android botnet may exist, citing spam e-mails coming from different countries with a “Sent from Yahoo! Mail on Android” signature at the end of the message. The spam e-mails contained ads for Viagra or weight-loss pills. If true, it would be the first botnet originating from mobile devices.
Google was quick to refute Zink’s allegations, stating that attackers may simply be using infected computers to send the spam e-mails and altering the signature to make it appear that they are coming from Android devices. Google stated that, according to its own research, Zink’s claim of an Android botnet is not true.
Kevin Mahaffey, co-founder and CTO of San Francisco-based Lookout Security, also dismissed the possibility of an Android botnet, stating that the cause may not be malware but a security issue with the Yahoo! Mail app for Android devices.
Yahoo! Mail app compromised
According to Google Play, the current version of the Yahoo! Mail app is 1.4.4, but Lookout gave no details as to whether the security issue appeared in the latest version or was already present in older versions.
“The jury is still out what this really is,” said Mahaffey. “There’s been a lot of speculation and not a lot of proof, so we all need to take a step back and take a scientific approach to the problem. But unfortunately, the truth isn’t always what gets the headlines.”
Lookout’s findings were backed by Trend Micro, which stated in a blog post that it had uncovered a vulnerability in the Yahoo! Android mail client that allowed attackers to gain access to a user’s Yahoo! Mail cookie.
“This bug stems from the communication between Yahoo! mail server and Yahoo! Android mail client. By gaining this cookie, the attacker can use the compromised Yahoo! Mail account to send specially-crafted messages,” Trend Micro said in their post. “The said bug also enables an attacker to gain access to user’s inbox and messages.”
At present, this is all speculation. There is not enough proof that there really is an Android botnet, that there is a security vulnerability in the Yahoo! Mail app, or that attackers are just getting clever in spreading malware. The bug spreading the spam e-mails has yet to be found and identified.
Users are urged to be vigilant in keeping their online accounts secure, even though most services claim to provide ample security for their users. Again, we reiterate the importance of downloading from trusted Android app stores like Google Play, as you’ll have a smaller chance of downloading a compromised app. Be sure to research and double-check apps even in trusted stores, as it was recently reported that fake Android apps laced with malware were found in Google Play.