Android botnet may net millions yearly for its operators

Share this article:

Researchers from Symantec and North Carolina State University may have stumbled upon one of the largest and most lucrative mobile botnets yet.

First discovered by N.C. State researcher Saxon Jiang and then confirmed by Symantec, the botnet consists of of hundreds of thousands of infected nodes, said Cathal Mullaney, a Symantec security response engineer, in a blog post.

The malware used to grow the bot is being served on close to 30 rogue applications, available for download in third-party Chinese markets, not the official Android Market, Mullaney said. Once a phone is botted with the trojan, dubbed "Android.Bmaster," it is used to send out premium-rate text messages, make premium phone calls or connect to pay-per-view videos.

Symantec researchers were able to get their hands on the command-and-control server that was administering the botnet to determine that the number of compromised phones reach into the hundreds of thousands. In addition, they estimate the botmasters generate up to $10,000 per day and up to $3.5 million annually.

"The botmaster has a fine-grained level of control over the infected devices," Mullaney wrote. "Depending on which premium service [it] is attempting to contact, a number of configuration options are available to the botmaster."

He noted that the botnet is capable of additional malicious activity.

"Since this is a remote administration tool, the malware is capable of receiving commands from the remote server," Mullaney wrote.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.

Professor says Google search, not hacking, yielded medical info

Professor says Google search, not hacking, yielded medical ...

A professor of ethical hacking at City College San Francisco came forward to clarify that he did not demonstrate hacking a medical center's server in a class.

Syrian Malware Team makes use of enhanced BlackWorm RAT

Syrian Malware Team makes use of enhanced BlackWorm ...

FireEye analyzed the hacking group's use of the malware, dubbed the "Dark Edition" of BlackWorm.