Android phones sending out spam

If you’re using an Android phone it could, according to researchers, be used as part of a botnet. The research, which was performed by Microsoft, shows that Android devices can send mail out through Yahoo! mail servers, spamming people with adverts.

The Microsoft blog states that..

All of these message are sent from Android devices. We’ve all heard the rumors, but this is the first time I have seen it – a spammer has control of a botnet that lives on Android devices. These devices login to the user’s Yahoo Mail account and send spam.

Luckily, Yahoo stamps the IP address in the headers of where the device connected to its service. I looked up where the IPs are geo-located: Chile, Indonesia, Lebanon, Oman, Philippines, Russia, Saudi Arabia, Thailand, Ukraine, and Venezuela.

Those countries, it seems, have a very high level of Android malware apps – usually because apps are being “sideloaded” instead of getting installed via the Google Play store. The author, Terry Zink, goes on to say that..

I am betting that the users of those phones downloaded some malicious Android app in order to avoid paying for a legitimate version and they got more than they bargained for. Either that or they acquired a rogue Yahoo Mail app.

So, as a rule of thumb, if you really want to avoid buying an app and go hunting around random download sites, or you’ve grabbed an app from a slightly dubious “store” it might be worth checking to see if you’re infected.

Link – MSDN Blog
Via – BBC (Thanks Marc Holmes for the tip)