Android botnet may net millions yearly for its operators

Share this article:

Researchers from Symantec and North Carolina State University may have stumbled upon one of the largest and most lucrative mobile botnets yet.

First discovered by N.C. State researcher Saxon Jiang and then confirmed by Symantec, the botnet consists of of hundreds of thousands of infected nodes, said Cathal Mullaney, a Symantec security response engineer, in a blog post.

The malware used to grow the bot is being served on close to 30 rogue applications, available for download in third-party Chinese markets, not the official Android Market, Mullaney said. Once a phone is botted with the trojan, dubbed "Android.Bmaster," it is used to send out premium-rate text messages, make premium phone calls or connect to pay-per-view videos.

Symantec researchers were able to get their hands on the command-and-control server that was administering the botnet to determine that the number of compromised phones reach into the hundreds of thousands. In addition, they estimate the botmasters generate up to $10,000 per day and up to $3.5 million annually.

"The botmaster has a fine-grained level of control over the infected devices," Mullaney wrote. "Depending on which premium service [it] is attempting to contact, a number of configuration options are available to the botmaster."

He noted that the botnet is capable of additional malicious activity.

"Since this is a remote administration tool, the malware is capable of receiving commands from the remote server," Mullaney wrote.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

ISSA tackles workforce gap with career lifecycle program

ISSA tackles workforce gap with career lifecycle program ...

On Thursday, the group launched its Cybersecurity Career Lifecycle (CSCL) program.

Amplification DDoS attacks most popular, according to Symantec

Amplification DDoS attacks most popular, according to Symantec

The company noted in a whitepaper released on Tuesday that Domain Name Server amplification attacks have increased 183 percent between January and August.

Court shutters NY co. selling security software with "no value"

A federal court shut down Pairsys at the request of the Federal Trade Commission.