SecurityWeek

Cybercrime

Report Reveals Emerging Trend in Android Botnet Infections

Statistics show an increase in Android devices infected with crimeware that is actively communicating with multiple criminal C&C servers

Google Android devices are being caught in a Web of botnet activity at an unprecedented rate, according to new research by security firm Damballa.

In its threat report for the first half of 2011, Damballa observed that the number of Android devices engaging in live communications with a command-and-control server reached nearly 40,000 at one point. While the figure is nowhere near the numbers of PCs under the control of cyber-criminals, it does represent a significant jump in malware targeting mobile phones.

(Chart: Android Botnet Infections)

During weeks 10 and 11 of the year, a malware outbreak peaked at 20,000 devices but was quickly quashed; the firm attributes the drop to the malicious apps being identified and remotely wiped from the affected devices.

“As predicted, 2011 is shaping up to be the year that mobile malware will begin to be an issue for consumers and enterprises alike in North America,” according to the report. “Other countries (China being a great case in point) have already had to deal with significant outbreaks of mobile device infections.”

“Many of these devices connect to the corporate WiFi when brought to work,” the report continues. “They come into the network infected, and traditional security systems designed to protect traditional computing assets will not detect these infected mobile devices.”

According to Damballa Vice President of Research Gunter Ollmann, the majority of the malware behind this C&C activity is designed first to steal data stored on the handset, such as email account passwords, and then to serve as a jump point into other networks. If the phone connects to a WiFi network, for example, the remote attacker can launch new attacks from the compromised device and proxy commands to other infected devices, he told SecurityWeek via email.
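A network-side check of the kind the two paragraphs above call for, as an added example (not Damballa's code and not from the page): flow records from the WiFi segment are grouped by client MAC rather than IP, because a phone's DHCP lease changes as it roams, and a device is flagged either for contacting two or more distinct C&C endpoints or for checking in to one of them at a regular interval. The indicator list, the MAC addresses and the flow lines are constructed for the example (documentation-only IP ranges and a reserved example domain); the thresholds are assumptions to tune per environment.

```python
"""Flag WiFi clients that talk to known C&C endpoints, grouped by MAC address.

Added illustration only: the indicators, MACs and flow lines below are constructed
(RFC 5737 documentation IP ranges, reserved example domain); nothing here is a real IOC.
"""
from collections import defaultdict
from datetime import datetime, timezone

# Constructed C&C indicators (hypothetical; documentation-only addresses).
CC_INDICATORS = {
    "203.0.113.10",
    "198.51.100.77",
    "cc-update.example.net",
}

# Constructed flow records: timestamp  src_ip  src_mac  dst  dst_port  bytes_out.
# Device d4:3d:... changes IP mid-session (DHCP re-lease), which is why we key on MAC.
SAMPLE_FLOWS = """\
# ts                  src_ip      src_mac            dst                    dport bytes
2011-03-07T08:01:12Z 10.20.5.41  d4:3d:7e:11:22:33  203.0.113.10           80    512
2011-03-07T08:12:30Z 10.20.5.41  d4:3d:7e:11:22:33  192.0.2.50             443   2048
2011-03-07T08:31:55Z 10.20.5.57  d4:3d:7e:11:22:33  198.51.100.77          443   1024
2011-03-07T08:47:03Z 10.20.5.57  d4:3d:7e:11:22:33  cc-update.example.net  80    610
2011-03-07T08:05:00Z 10.20.5.88  00:1b:63:aa:bb:cc  203.0.113.10           80    300
2011-03-07T08:20:00Z 10.20.5.88  00:1b:63:aa:bb:cc  203.0.113.10           80    301
2011-03-07T08:35:00Z 10.20.5.88  00:1b:63:aa:bb:cc  203.0.113.10           80    299
2011-03-07T08:50:00Z 10.20.5.88  00:1b:63:aa:bb:cc  203.0.113.10           80    300
2011-03-07T08:40:00Z 10.20.5.120 3c:5a:b4:de:ad:01  192.0.2.50             80    700
2011-03-07T08:41:10Z 10.20.5.120 3c:5a:b4:de:ad:01  203.0.113.10           80    250
"""


def parse_flows(text):
    """Parse whitespace-separated flow lines into dicts; skips blank and '#' lines."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src_ip, src_mac, dst, dport, nbytes = line.split()
        flows.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            "src_ip": src_ip,
            "mac": src_mac.lower(),
            "dst": dst.lower(),
            "dport": int(dport),
            "bytes": int(nbytes),
        })
    return flows


def cc_contacts_by_device(flows, indicators=CC_INDICATORS):
    """Map client MAC -> {C&C endpoint -> [contact timestamps]}.

    Keying on MAC keeps one roaming handset as one entity even when its IP changes.
    """
    contacts = defaultdict(lambda: defaultdict(list))
    for f in flows:
        if f["dst"] in indicators:
            contacts[f["mac"]][f["dst"]].append(f["ts"])
    return contacts


def beacon_jitter(times):
    """Largest relative deviation of inter-contact intervals from their mean.

    Returns None with fewer than three contacts (two intervals are the minimum
    needed to say anything about regularity). 0.0 means perfectly periodic.
    """
    if len(times) < 3:
        return None
    ordered = sorted(times)
    intervals = [(b - a).total_seconds() for a, b in zip(ordered, ordered[1:])]
    mean = sum(intervals) / len(intervals)
    if mean <= 0:
        return None
    return max(abs(i - mean) for i in intervals) / mean


def flag_devices(flows, indicators=CC_INDICATORS, min_distinct_cc=2, max_jitter=0.2):
    """Return {mac: [reasons]} for devices that look bot-controlled.

    Thresholds are assumptions: two distinct C&C endpoints, or check-ins to one
    endpoint whose intervals stay within 20% of their mean.
    """
    findings = {}
    for mac, per_host in cc_contacts_by_device(flows, indicators).items():
        reasons = []
        if len(per_host) >= min_distinct_cc:
            reasons.append(
                f"contacted {len(per_host)} distinct C&C endpoints: {', '.join(sorted(per_host))}"
            )
        for host, times in per_host.items():
            jitter = beacon_jitter(times)
            if jitter is not None and jitter <= max_jitter:
                reasons.append(
                    f"regular beaconing to {host} ({len(times)} contacts, jitter {jitter:.2f})"
                )
        if reasons:
            findings[mac] = reasons
    return findings


if __name__ == "__main__":
    for mac, reasons in flag_devices(parse_flows(SAMPLE_FLOWS)).items():
        print(mac)
        for reason in reasons:
            print("  -", reason)
```

On the sample data the first device is flagged for three distinct C&C endpoints across two IP leases, the second for four evenly spaced check-ins to a single endpoint, and the third, with one isolated hit, is left alone: a single contact is as likely a sinkhole lookup or a scanner as an infection, and the report's point is sustained, live communication.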

But while threats against Android have gotten plenty of headlines of late, the threat of compromised PCs did not lessen during the first half of the year. As it turns out, the notorious SpyEye crimeware kit jumped from number 10 in 2010 to number one on the list of the largest botnets.

“It’s not surprising to see ‘OneStreetTroop,’ a botnet operation utilizing crimeware generated and managed by the popular SpyEye DIY (do-it-yourself) construction set, rise to prominence in the first half of 2011,” according to the report. “The developers behind the SpyEye Builder Kit acquired access to the Zeus Builder source code and have now combined the best of both crimeware development kits into a single commercial package. The malware is now more powerful and capable than ever. After the recent release of a ‘crack’ to version 1.3.45 of the SpyEye developer kit, as first reported by Damballa Labs, we expect to see widespread adoption of SpyEye in 2011 for the purposes of launching additional fraud campaigns.”

Not unexpectedly, the list also demonstrated the prevalence of do-it-yourself crimeware kits. Of the top 10 largest botnets, eight utilize well-known off-the-shelf construction kits, the firm noted.

“Criminal operators continue to hone their craft in 2011 using crimeware that can be repurposed for multiple fraud opportunities, sold or leased to other criminals, and that is now successfully infiltrating the mobile space,” Ollmann said in a prepared statement. “As the arms race rages on between the criminals, their increasingly federated crime-as-a-service ecosystem, and the security professionals tasked with combating them, it has become increasingly important that the defenders obtain advanced knowledge of the existence and behavior of new criminal operators and their network of infected assets.”

Related Reading: Rethinking Cybersecurity in a Mobile World

Related Reading: Got Android? Some Considerations on Permissions and Security

Suggested Reading: Mitigation of Security Vulnerabilities on Android & Other Open Handset Platforms

Suggested Reading: Attacks on Mobile and Embedded Systems: Current Trends

Written By

Marketing professional with a background in journalism and a focus on IT security.
