Android Malware Botnet Affects 100,000+ Android Devices


More Android Malware scams:

A report in TechWeek Europe says that a botnet has been found that is said to affect hundreds of thousands of Android devices, making the hackers a potential fortune every year. This is according to security research firm Symantec and researchers from North Carolina State University.

New Botnet has two names:

The “RootStrap” botnet was found by Xuxian Jiang of North Carolina State University. Symantec, however, calls the malware by another name: Android.Bmaster.

Chinese origins:

This particular malware is spread via third-party application markets in China and has been seen bundled with some 30 seemingly legitimate applications.

Symantec researcher Cathal Mullaney said:

“Trojanised applications are a well known infection vector for Android malware, as they allow malware to be distributed while retaining the appearance of a legitimate application,”

The controller of the botnet, aka the “botmaster” (what a title), has huge control of the device once it is compromised, with revenue coming from secretly transmitted premium-rate SMS messages and from connections to premium-rate numbers and pay-per-view videos.

With the botmaster able to take control of the device, delete texts and numbers, and infiltrate or stop communications that would warn the owner of the compromised device, this particular style of botnet is seriously canny.

Mullaney said:

“The botmaster has a fine grained level of control over the infected devices, an infected device can be configured to send messages to a particular premium SMS number at a specific rate (three a day, for instance) for a certain number of days. Devices connecting to premium video or telephony services can also be configured for how long they should connect to a premium phone number or pay-per-view website.”

Elevated privileges:

Once the malware has found its way onto your device and installed itself, it downloads the Gingerbread jailbreak tool and uses it to elevate its privileges on your device. After this it downloads the Bmaster remote admin tool and malware including DroidLive.

So this is not a simple piece of malware but a rather sophisticated little sneak that uses layering methods to reach its goal of making its operator easy money from your device.

Infected devices transmit data that is easily traceable by the hackers, so they can locate and identify your device. This includes your IMEI and IMSI numbers, plus your location area code and mobile network code.

This malware has been reported since September 2011, and is thought to be one of a new wave of highly malicious money-making Trojans that are slowly equaling the desktop Trojans that have infected so many Windows-based PCs over the years. Could Android’s open operating system and less regulated marketplace for apps now be the new scourge of the average Joe?

We must point out that this particular malware is from third party marketplaces and not the Android one itself.

It is reported that around 10,000-30,000 devices are being affected per day.

How much is in this for the hackers?

Android Malware Make Hackers Very Rich

Mullaney wrote:

“The motivation behind the botnet is financial, taking our two example dates as the lower and upper bounds of the number of active infected devices, we can see the botmaster is generating anywhere between $1,600 (£1,013) to $9,000 (£5,695) per day and $547,500 (£346,504) to $3,29m (£2.1m) per year the botnet is running.”

Talking of the Android operating system as a whole and of mobile applications, he stated:

“This is not the first example of an active, revenue-generating Android botnet we have seen, however, considering the huge market for Android apps, the availability of third-party app stores without security checks, and the massive revenue which can be generated from this type of botnet, Android.Bmaster’s million-dollar botnet certainly won’t be the last.”

We have covered a few stories in recent months related to malware in the Android application market and have heard that Google is starting to crack down on the threat to the overall ecosystem. It seems likely, though, that there will be many more scams like this as we allow deeper and deeper relationships to be forged between ourselves and our mobile devices in all areas of our lives.

Anthony Munns