Android botnet may net millions yearly for its operators

Share this article:

Researchers from Symantec and North Carolina State University may have stumbled upon one of the largest and most lucrative mobile botnets yet.

First discovered by N.C. State researcher Saxon Jiang and then confirmed by Symantec, the botnet consists of of hundreds of thousands of infected nodes, said Cathal Mullaney, a Symantec security response engineer, in a blog post.

The malware used to grow the bot is being served on close to 30 rogue applications, available for download in third-party Chinese markets, not the official Android Market, Mullaney said. Once a phone is botted with the trojan, dubbed "Android.Bmaster," it is used to send out premium-rate text messages, make premium phone calls or connect to pay-per-view videos.

Symantec researchers were able to get their hands on the command-and-control server that was administering the botnet to determine that the number of compromised phones reach into the hundreds of thousands. In addition, they estimate the botmasters generate up to $10,000 per day and up to $3.5 million annually.

"The botmaster has a fine-grained level of control over the infected devices," Mullaney wrote. "Depending on which premium service [it] is attempting to contact, a number of configuration options are available to the botmaster."

He noted that the botnet is capable of additional malicious activity.

"Since this is a remote administration tool, the malware is capable of receiving commands from the remote server," Mullaney wrote.

Share this article:

Sign up to our newsletters

More in News

Research shows vulnerabilities go unfixed longer in ASP

Research shows vulnerabilities go unfixed longer in ASP

A new report finds little difference in the number of vulnerabilities among programming languages, but remediation times vary widely.

Bill would restrict Calif. retailers from storing certain payment data

The bill would ban businesses from storing sensitive payment data, for any long than required, even if it is encrypted.

Amplification, reflection DDoS attacks increase 35 percent in Q1 2014

Amplification, reflection DDoS attacks increase 35 percent in ...

The Q1 2014 Global DDoS Attack Report reveals that amplification and reflection distributed denial-of-service attacks are on the rise.