Researchers at security firm Sophos say they have discovered malware for Android phones that is used as a spam botnet. Spam messages are being sent from Google Android phones and tablets, all of which have been propagated through Yahoo’s mail service, promoting counterfeit Viagra and other pharmaceuticals.
This seems to be a new form of malware for Android users. Researchers have already unveiled schemes for cybercriminals to make money from capturing SMS messages used for online banking logins, or by sending premium-rate SMS messages without the users’ knowledge.
The source of the spam botnet seem to be users who downloaded pirated copies of paid Android apps that which were infected with trojans, said Chester Wisniewski, a senior security adviser at Sophos Canada. Some the spam messages are text-only, while others are graphic, and some are even animated.
So far, the security firm has analyzed samples of the spam originating from Argentina, Ukraine, Pakistan, Jordan and Russia. The malware does not appear to be coming from apps download from Google’s official app store, Google Play — but from localized third-party download sites where users can get pirated versions of paid apps for Android.
“Android users should exercise caution when downloading applications for their devices and definitely avoid downloading pirated programs from unofficial sources,” Wisniewski advised. “Google, Amazon and others may not be perfect at keeping malware off of their stores, but the risk increases dramatically outside of their ecosystems.”
Security firm Symantec also found in its latest annual report that mobile malware threats are almost exclusive to Google’s open mobile OS, with an increase by more than 93 percent over the last year. The report found more than half of all Android threats collect device data or track users’ activities.
Update: A Google spokesperson provided PCWorld with the following statement: “The evidence does not support the Android botnet claim. Our analysis suggests that spammers are using infected computers and a fake mobile signature to try to bypass anti-spam mechanisms in the email platform they’re using.”
Follow Daniel Ionescu and Today @ PCWorld on Twitter