Android botnet turns infected handsets into SMS spam generators

Shawn Knight

Posts: 15,240   +192
Staff member

A new Trojan called SpamSolider that infects Android devices is to blame for an increasing number of spam text messages in the US. The malicious software is bundled alongside free versions of popular mobile games like Angry Birds Space and Need for Speed: Most Wanted, according to a recent report from The Register.

Once SpamSolider has infected a handset, it goes about sending out a slew of bogus text messages offering recipients a web link to a free game. Often times, a free game actually accompanies the spam but it’s just used as a distraction so users won’t get suspicious.

In the meantime, SpamSolider is busy sending out thousands of unsolicited SMS messages. The Trojan downloads a list of phone numbers from a command and control server, according to Andrew Conway from Cloudmark. The researcher said his company has seen a peak rate thus far of more than half a million texts per day courtesy of SpamSolider.

Researchers believe the person(s) behind the Tronajn first released it into the wild back in late October. It was originally marketed as an anti-spam app before the author changed course and decided to lure unsuspecting victims in with the offer of a free game instead.

It wasn’t until November 28 that the spammer began to monetize the attack with free gift card offers. As Conway points out, there are ultimately no free gift cards for the victim. Instead, spammers get to collect your personal data to use for affiliate programs to line their pockets with cash.

Permalink to story.

 
Gawd, I've gotten a few of these lately. "Katie said you need to look at these [link]"

Spam bots programmers should be hanged high.
 
^ heh, I pointed that out to Shawn in a PM about an hour after this article went live. Guess he didn't read it.
 
I remember a recent report telling 1/3rd of apps in android market being 'suspects/malware', and another that Google's malware protection is crappy at best. Hence, I guess, it is better stay with reputable/known sources for apps and avoid 'freeware' as far as possible. TBH I never believe 'freeware' is really free, there is always some catch here or there (with or without justification).
 
I remember a recent report telling 1/3rd of apps in android market being 'suspects/malware', and another that Google's malware protection is crappy at best. Hence, I guess, it is better stay with reputable/known sources for apps and avoid 'freeware' as far as possible. TBH I never believe 'freeware' is really free, there is always some catch here or there (with or without justification).
If you do not pay for a service than it is you that is being sold...
 
I use free avast(phone and computer), free malware bytes and free ccleaner. They have never given me any trouble. I have free gps on my phone, free google sky map and a matter of fact I have never paid for a app on my phone and have never had my phone give me problems. I had some random person's phone text me a spam once, but that's it. I get all my free apps, though not many, from the play store on my android phone. As the article mentions those apps were downloaded from a spammed web link.... I bet its pretty seldom anyone gets a malicious treat bundled in with their free app when they go through the proper channels, like androids play store.

Happy Fireball Friday! Gonna party like its 1999 duh nuh nuh nuh nuh. (dec 31 y2k oh my!)
 
Back