New Android malware makes spam-texting more economical

Botnet agent spreads through bogus version of popular games and turns Android devices into spam-texting zombies

A spammer botnet agent dubbed SpamSoldier that uses infected Android phones to send a barrage of SMS spam is making its rounds, and according to security company Cloudmark, the malware marks a new evolution in malicious mobile applications.

"Compared with PC botnets, this was an unsophisticated attack," wrote Andrew Conway, a security researcher at Cloudmark. "However, this sort of attack changes the economics of SMS spam, as the spammer no longer has to pay for the messages that are sent if he can use a botnet to cover his costs. Now that we know it can be done, we can expect to see more complex attacks that are harder to take down."

SpamSoldier is spreading via SMS messages advertising purportedly free versions of popular Android games like Need for Speed and Angry Birds Space. Users who download the freebies and grant it all sorts of permission to access their phones' resources will unwittingly turn their devices into zombies that will silently send out thousands of spam SMS messages to numbers downloaded from a command and control server.

"The zombie communicates with the C&C server using HTTP. Typically a message and a list of 50 numbers are returned," according to Conway. "The zombie waits 1.3 seconds after sending each message, and checks with the C&C server every 65 seconds for more numbers. The application reloads automatically after a reboot as it installs itself as a service on the handset."

The costs for those texts will show up on victims' bills if they don't have unlimited messaging plans.

According to Cloudmark, SpamSoldier first appeared on Oct. 26 and was being spread under the guise of antimalware for mobile, downloaded from sites on a server in Hong Kong offering free games. The schemer behind the attack then changed his or her approach in early November, masking the malware as free games. The spammer later added spam ads for free gift cards to the mix. "This stayed as a fairly low volume attack until the end of the week before last, when the spammer decided to ramp up his activities. For a couple of days, we saw growth rates of 80 percent per day, with a peak rate of over half a million SMS messages per day," Conway wrote.

According to Lookout, the distribution of the malware is thus far limited, but the company has observed instances on all major U.S. carriers. "The potential impact to mobile networks may be significant if the threat goes undetected for a long period of time," according the Lookout's security alert. "The primary negative impact appears to be the large amount of SMS messages sent and the potential this has to result in charges to the user and/or a slowdown of the carrier's network."

Cloudmark's advice for avoiding malware infection is to only install Android apps from Google Play. Notably, though, not even apps in Google's official Android app repository are guaranteed to be safe, despite the company's ongoing efforts to keep out malware.

This story, "New Android malware makes spam-texting more economical," was originally published at Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow on Twitter.

Copyright © 2012 IDG Communications, Inc.

InfoWorld Technology of the Year Awards 2023. Now open for entries!