Yahoo! email spam linked to Android botnet

Jul 4, 2012
2

Malware has increasingly become a problem for Android, with most malicious apps intended to send premium text messages in the background that will rack up a nasty phone bill. Android might also be used to setup botnets and send spam emails, according to Terry Zinck’s blog on MSDN. He discovered that standard spam email messages were being sent from Yahoo! Mail servers on Android devices.

Zinck took a closer look at the header information and signatures that were being sent out with the spam. All the messages come from compromised Yahoo! accounts and sent through Yahoo! Mail servers, and all also seem to finish with the “Sent from Yahoo! Mail on Android” signature. Zinck postulates that a hacker has developed a botnet that can access Yahoo! Mail accounts on Android devices and send spam messages as a result.

Yahoo! does provide the IP address of where the emails came from, with origin countries including Chile, Indonesia, Lebanon, Oman, Philippines, Russia, Saudi Arabia, Thailand, Ukraine, and Venezuela. The odds of downloading a malicious app on the Play Store are extremely low, so Zinck believes that users are tracking down pirated versions of apps to avoid paying, or have acquired a fake version of the Yahoo! Mail app.


Must Read Bits & Bytes