SecurityWeek

Malware & Threats

Android Botnet Claims Come Into Question, Debate

Yesterday, SecurityWeek reported on a blog post by Microsoft security researcher Terry Zink, who said that a spammer had control of Android devices. As it turns out, while malware on the Android platform is a reality, spammers may not have gained total control.  

“All of these messages are sent from Android devices,” Zink wrote initially. He was commenting on an unusually high number of junk emails that had Yahoo Mail headers and an Android-based signature.


“We’ve all heard the rumors, but this is the first time I have seen it – a spammer has control of a botnet that lives on Android devices. These devices login to the user’s Yahoo Mail account and send spam,” he added.

However, less than twenty-four hours later, Zink changed his tune somewhat. He acknowledged comments that said the headers could be spoofed, mirroring various other security experts who noted that it was entirely possible that an infected PC was behind the junk messages.

On the other hand, he adds, “the other possibility is that Android malware has become much more prevalent and because of its ubiquity, there is sufficient motivation for spammers to abuse the platform. The reason these messages appear to come from Android devices is because they did come from Android devices.”

Either way, Google isn’t having it. In an interview with The Register, a Google spokesperson said that Microsoft’s evidence doesn’t support the claim. 

“Our analysis suggests that spammers are using infected computers and a fake mobile signature to try to bypass anti-spam mechanisms in the email platform they’re using.”

After Google denounced Zink’s original claims, Sophos’ Chester Wisniewski still had his doubts. “So one of two things is happening here. We either have a new PC botnet that is exploiting Yahoo!’s Android APIs or we have mobile phones with some sort of malware that uses the Yahoo! APIs for sending spam messages,” Wisniewski noted in a blog post.

“One of the interesting data points supporting the argument that this is new Android malware is the unusually large number of the originating IPs on cellular networks,” he added.

SecurityWeek contacted Google with questions but received a note in response saying the press office was closed July 4-6 for Independence Day.
