In association with heise online

13 February 2012, 16:57

Smartphone botnet allegedly pulls in millions with premium text messages

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Zoom In total, more than 140,000 infected smartphones were reportedly waiting for commands
Source: Symantec
Symantec has once again discovered a widespread Android trojan. This time, it's a bot that has reportedly already affected more than 140,000 smartphones in China. After a few attempts, the security company managed to investigate the botnet's command-and-control server, where it collected detailed information about the network, providing insight into the criminal business model.

While PC botnets are usually used for distributed denial-of-service (DDoS) attacks and online banking fraud, in this case the criminals are mostly using the remotely controlled smartphones to send premium text (SMS) messages. With one click, the botnet operator can instruct thousands of infected smartphones to send unnoticed but costly text messages to the operator's premium text message services.

To stay under the radar, Symantec says that the bot can filter incoming messages using keywords, thereby hiding, for example, confirmation messages from premium services and virus warnings from network operators. The malware is also apparently able to connect to expensive hotlines and video services.

According to Symantec, about 11,000 bots were sending premium text messages in early February; that figure was as high as 29,000 at the beginning of the year. The company has calculated that the botnet operator could be earning $1,600 to $9,000 per day – as much as $3 million a year.

The victims downloaded apps that had trojan downloaders bundled with them. This kind of downloader attempts to download the actual Android.Bmaster bot from the internet as an APK file and then install it on a victim's device. The report states that the infected apps were from third-party app stores, not Google's official Android Market.

Just last week, Symantec was concerned about a "bot-like threat" that seemed to have infected millions of Android smartphones, but it turned out to be an advertising module from an ad network that did not even set off any alarms for Symantec's own mobile antivirus software.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit