X

Android spam scam is first smart phone botnet

Online scammers have hijacked Android phones to fire off a tidal wave of spam emails, according to a Microsoft researcher.

Richard Trenholm Former Movie and TV Senior Editor
Richard Trenholm was CNET's film and TV editor, covering the big screen, small screen and streaming. A member of the Film Critic's Circle, he's covered technology and culture from London's tech scene to Europe's refugee camps to the Sundance film festival.
Expertise Films, TV, Movies, Television, Technology
Richard Trenholm
2 min read

Online scammers have hijacked Android phones to fire off a tidal wave of spam emails. A Microsoft researcher has spotted spam emails that appear to carry authentic message IDs and declare that they are, "Sent from Yahoo! Mail on Android".

Microsoft researcher Terry Zink reckons the spam is coming from Android phones that have been infected by a botnet. If true, it's the first time this spam scam has exploited phones.

A botnet is a network of computers belonging to unsuspecting normal folk, blissfully unaware their computers have been infected by malware that sends out a torrent of spam email from their address.

For the first time, it appears ne'er-do-wells have figured out how to substitute smart phones for computers, taking hold of an Android phone like a demented glove puppet and spewing forth spam adverts for prescription drugs and other useless tat.

Some of the spam messages have images and some even have an animation.

The malware has resulted in emails sent from phone owners' Yahoo accounts. But don't go chucking your Android phone in a river just yet: the spam has come from Android phones in Chile, Indonesia, Lebanon, Oman, Philippines, Russia, Saudi Arabia, Thailand, Ukraine and Venezuela.

Security expert Graham Cluley of anti-virus company Sophos suggests that although this trick has been carried out by researchers, this is the first time smart phones have been exploited in this way by wrong 'uns.

In Google's defence, Zink adds, "your odds of downloading and installing a malicious Android app are pretty low if you get it from the Android Marketplace (now known as Google Play)." Google also claims that there has recently been a, "40 per cent decrease in the number of potentially malicious downloads from Google Play".

If you're worried about the security of your phone, update to the latest software and avoid dodgy app stores. But even reputable app stores can contain malware -- Google Play doesn't monitor new apps and even Apple's heavily guarded App Store has been fooled -- so check your chosen app's user reviews to make sure it's legit. 

Do you use back-alley app stores? Are you worried about the safety of your Android phone? Tell me your thoughts in the comments or on our Facebook page.