We often speak of smartphones as more like mini computers than mobile telephones. Now we may be seeing the downside of such similarities: a botnet made up of Android handsets rather than PCs.
A Microsoft security blogger has noted that a recent batch of spam e-mails showed many familiar characteristics: they all came from hijacked Yahoo e-mail accounts and offered bogus stock tips. However, Terry Zink also noticed that all the messages carried a line saying they were sent from an Android device, a claim backed up by the code that is sent along with the message.
According to Zink, many of the messages came from developing nations, or those such as Russia where cybersecurity is relaxed to say the least.
Zink’s theory is that people in these countries are more likely to seek out sources of smartphone apps other than the official Android Market (now known as Google Play), and are also less likely to be security-conscious. He openly speculates that the phone owners concerned have been seeking free knock-off copies of legitimate paid-for apps.
Naturally you have to take into account that a Microsoft employee has some interest in disparaging both Yahoo and the Android system, and there certainly seems to be some degree of assumption in Zink’s claims. It’s also fair to note that at the moment we can only infer there’s a botnet at work from the results: there isn’t yet specific evidence such a botnet exists, or any indication as to what the relevant malware is, or what form of disguise it uses in app stores.
Still, regardless of Zink’s motivation, it’s certainly a plausible theory, and serves as a reminder that with an open operating system users need to exercise the same level of caution and suspicion as they would when downloading and installing software for a PC.