SecurityWeek

Criminals Test Android-based SMS Botnet with Moderate Success

Anti-Spam vendor Cloudmark recently spotted something new in the world of mobile threats: an Android-based SMS botnet. While the company describes the effort and overall operation of the botnet as primitive, the concern is that this is only the beginning.

Mobile botnets have always been a concern, especially given the explosion of mobile consumption in the U.S. alone. Everyone, from ages 12-60 it seems, has a mobile device somewhere, and for the most part if it isn’t Apple, it’s Android. Given that the Android devices on the market run a wide range of installed versions, the attack surface is wide, leading to speculation as far back as 2010 that mobile botnets were coming.

Now it appears they have. Again, Cloudmark calls this recent discovery primitive, but it still managed to appear on 800 phones in the U.S. alone, and earlier this month was blasting some 500,000 SMS messages a day. The victims have no idea their phone is infected, even though the process of installing the malware included granting explicit permission to the criminals.

It started with a spammed SMS message inviting the user to install a popular software title from a third-party market; installing from such a market is, in reality, mistake number one. From there, the victim is prompted to grant a number of unneeded permissions, including full Web access and the ability to send SMS messages.

“In the case of this latest batch of SMS sending malware that the Cloudmark Research team has been monitoring, your phone will be used to silently send out thousands of spam SMS messages without your permission to lists of victim phone numbers that the malware automatically downloads from a command and control server,” the company explained in a blog post.

The campaign started by offering victims a way to avoid SMS spam, something a bit ironic. Then it progressed by blasting SMS links to games, and then moved on to SMS blasts informing people that they’ve won a gift card. In each example, the victim was presented with an application, and in each case the victim installed it to their phone and granted full permissions.
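A defender-side check for the permission pattern described above, as an added example that is not from Cloudmark or the original article: it reads a decoded AndroidManifest.xml and flags an app that requests both network access and SMS sending when its stated purpose does not call for SMS. The sample manifests, package names and the `audit_manifest` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NAME_ATTR = "{http://schemas.android.com/apk/res/android}name"
INTERNET = "android.permission.INTERNET"
SEND_SMS = "android.permission.SEND_SMS"

# Constructed sample manifests (decoded text XML, not the binary form inside an APK).
FAKE_GAME = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.freegame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <application android:label="Free Game"/>
</manifest>"""

PLAIN_GAME = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.puzzle">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Puzzle"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the set of permission names a manifest requests."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    # uses-permission-sdk-23 is the variant that applies on API 23 and later.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(NAME_ATTR)
            if name:
                perms.add(name.strip())
    return perms


def audit_manifest(manifest_xml, expected):
    """Compare requested permissions with what the app's stated purpose needs."""
    perms = requested_permissions(manifest_xml)
    return {
        "unexpected": sorted(perms - set(expected)),
        # Network access plus SMS sending, where SMS is not part of the app's job.
        "flagged": {INTERNET, SEND_SMS} <= perms and SEND_SMS not in expected,
    }


if __name__ == "__main__":
    game_needs = {INTERNET, "android.permission.WAKE_LOCK"}  # assumed baseline
    for label, xml in (("fake game", FAKE_GAME), ("plain game", PLAIN_GAME)):
        print(label, audit_manifest(xml, game_needs))
```

Inside an APK the manifest is stored in Android's binary XML format, so it has to be decoded to text before a check like this can read it.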

“Compared with PC botnets this was an unsophisticated attack. However, this sort of attack changes the economics of SMS spam, as the spammer no longer has to pay for the messages that are sent if he can use a botnet to cover his costs. Now that we know it can be done, we can expect to see more complex attacks that are harder to take down.”
