Researcher uncovers Android phone 'botnet', defends finding
Malware spreading on Android mobile phones is taking control of certain email accounts to create a "botnet", a network of compromised devices, to send out spam, a security researcher said this week.
Microsoft security engineer Terry Zink said the malware has infected the phones of users of Yahoo email accounts to send out spam messages.
"We've all heard the rumors, but this is the first time I have seen it - a spammer has control of a botnet [program] that lives on Android devices," Zink said in a blog post Tuesday.
"These devices login to the user's Yahoo Mail account and send spam."
He said the phones appear to be located in Chile, Indonesia, Lebanon, Oman, Philippines, Russia, Saudi Arabia, Thailand, Ukraine, and Venezuela.
"I've written in the past that Android has the most malware compared to other smartphone platforms, but your odds of downloading and installing a malicious Android app are pretty low if you get it from the Android Marketplace," he said.
"But if you get it from some guy in a back alley on the internet, the odds go way up."
He added that users in the developed world "usually have better security practices and fewer malware infections than users in the developing world".
"I am betting that the users of those phones downloaded some malicious Android app in order to avoid paying for a legitimate version and they got more than they bargained for," Zink said.
"Either that or they acquired a rogue Yahoo Mail app."
A report earlier this year by the security firm AV-Test found that some Android-powered phones downloaded malicious code after installation, and said this was more common in the Google Android system than in the Apple ecosystem, which has stricter security policies.
Google has a security system known as Bouncer to scan for malware, but some experts recommend additional protection for phones using the platform.
UPDATE: Following publication of this story on various websites, Zink published another post in which he said the spam "did come from Android devices".
He said he wrote the original post with the most recent Trend Micro ThreatLab data in mind. The data showed the number of malicious Android apps doubled from 10,000 to 20,000 in just one month in the last quarter.
"Because of its ubiquity, there is sufficient motivation for spammers to abuse the platform. The reason these messages appear to come from Android devices is because they did come from Android devices," he wrote.