Android spam scam is first smart phone botnet

Online scammers have hijacked Android phones to fire off a tidal wave of spam emails, according to a Microsoft researcher.

Online scammers have hijacked Android phones to fire off a tidal wave of spam emails. A Microsoft researcher has spotted spam emails that appear to carry authentic message IDs and declare that they are, "Sent from Yahoo! Mail on Android".

Microsoft researcher Terry Zink reckons the spam is coming from Android phones that have been infected by a botnet. If true, it's the first time this spam scam has exploited phones.

A botnet is a network of computers belonging to unsuspecting normal folk, blissfully unaware their computers have been infected by malware that sends out a torrent of spam email from their address.

For the first time, it appears ne'er-do-wells have figured out how to substitute smart phones for computers, taking hold of an Android phone like a demented glove puppet and spewing forth spam adverts for prescription drugs and other useless tat.

Some of the spam messages have images and some even have an animation.

The malware has resulted in emails sent from phone owners' Yahoo accounts. But don't go chucking your Android phone in a river just yet: the spam has come from Android phones in Chile, Indonesia, Lebanon, Oman, Philippines, Russia, Saudi Arabia, Thailand, Ukraine and Venezuela.

Security expert Graham Cluley of anti-virus company Sophos suggests that although this trick has been carried out by researchers, this is the first time smart phones have been exploited in this way by wrong 'uns.

In Google's defence, Zink adds, "your odds of downloading and installing a malicious Android app are pretty low if you get it from the Android Marketplace (now known as Google Play)." Google also claims that there has recently been a, "40 per cent decrease in the number of potentially malicious downloads from Google Play".

If you're worried about the security of your phone, update to the latest software and avoid dodgy app stores. But even reputable app stores can contain malware -- Google Play doesn't monitor new apps and even Apple's heavily guarded App Store has been fooled -- so check your chosen app's user reviews to make sure it's legit. 

Do you use back-alley app stores? Are you worried about the safety of your Android phone? Tell me your thoughts in the comments or on our Facebook page.

Tags:
Phones
About the author

Rich Trenholm is a senior editor at CNET where he covers everything from phones to bionic implants. Based in London since 2007, he has travelled the world seeking out the latest and best consumer technology for your enjoyment.

 

Join the discussion

Conversation powered by Livefyre

Don't Miss
Hot Products
Trending on CNET

Last-minute gift ideas

Under pressure? These will deliver on time

With plenty of top-notch retailers offering digital gifts, you still have time to salvage your gift-giving reputation.