Researchers from Symantec and North Carolina State University may have stumbled upon one of the largest and most lucrative mobile botnets yet.
First discovered by N.C. State researcher Saxon Jiang and then confirmed by Symantec, the botnet consists of of hundreds of thousands of infected nodes, said Cathal Mullaney, a Symantec security response engineer, in a blog post.
The malware used to grow the bot is being served on close to 30 rogue applications, available for download in third-party Chinese markets, not the official Android Market, Mullaney said. Once a phone is botted with the trojan, dubbed “Android.Bmaster,” it is used to send out premium-rate text messages, make premium phone calls or connect to pay-per-view videos.
Symantec researchers were able to get their hands on the command-and-control server that was administering the botnet to determine that the number of compromised phones reach into the hundreds of thousands. In addition, they estimate the botmasters generate up to $10,000 per day and up to $3.5 million annually.
“The botmaster has a fine-grained level of control over the infected devices,” Mullaney wrote. “Depending on which premium service [it] is attempting to contact, a number of configuration options are available to the botmaster.”
He noted that the botnet is capable of additional malicious activity.
“Since this is a remote administration tool, the malware is capable of receiving commands from the remote server,” Mullaney wrote.
by Dan Kaplan