Android Malware Scam Nets Millions Per Year

Hackers have constructed a botnet affecting hundreds of thousands of Android devices and potentially generating millions of pounds per year, according to security researchers from Symantec and North Carolina State University.

The botnet was uncovered by Xuxian Jiang of North Carolina State University, who used the name RootStrap to designate the malware involved, with further research carried out by Symantec, which calls the malware Android.Bmaster.

Chinese infections

The code is spread via third-party application marketplaces in China and is bundled with around 30 legitimate applications, Symantec said last week.

“Trojanised applications are a well known infection vector for Android malware, as they allow malware to be distributed while retaining the appearance of a legitimate application,” said Symantec researcher Cathal Mullaney in a blog post.

The malware takes over a user’s device and generates revenues by secretly transmitting premium-rate SMS messages, connecting to premium-rate numbers and accessing pay-per-view videos, researchers said.

The botnet’s operators have such close control over compromised devices that they are also able to delete the numbers, texts and videos involved from the device’s records and block incoming messages that may alert a user to the infection, Symantec said.

“The botmaster has a fine grained level of control over the infected devices,” Mullaney wrote. “An infected device can be configured to send messages to a particular premium SMS number at a specific rate (three a day, for instance) for a certain number of days. Devices connecting to premium video or telephony services can also be configured for how long they should connect to a premium phone number or pay-per-view website.”

Privilege escalation

Once installed, the malware downloads the GingerBreak jailbreak tool and uses it to elevate its privileges on the devices, after which it downloads and installs the BMaster remote administration tool and malware including DroidLive.

The infected handset transmits data to the hackers that allows them to identify and locate the device, including IMEI and IMSI numbers, location area code and mobile network code.

Symantec said Android.Bmaster, which has been running since September 2011, represents a new wave of revenue-generating Trojans that rank on par with desktop botnets.

The company accessed the botnet’s command-and-control servers and found that the number of active, infected devices ranged from 10,000 to 30,000 per day.

“The motivation behind the botnet is financial,” Mullaney wrote. “Taking our two example dates as the lower and upper bounds of the number of active infected devices, we can see the botmaster is generating anywhere between $1,600 (£1,013) to $9,000 (£5,695) per day and $547,500 (£346,504) to $3.29m (£2.1m) per year the botnet is running.”

He said such scams are likely to constitute a growing problem for the Android platform.

“This is not the first example of an active, revenue-generating Android botnet we have seen,” he wrote. “However, considering the huge market for Android apps, the availability of third-party app stores without security checks, and the massive revenue which can be generated from this type of botnet, Android.Bmaster’s million-dollar botnet certainly won’t be the last.”

Matthew Broersma

Matt Broersma is a long-standing tech freelancer who has worked for Ziff-Davis, ZDNet and other leading publications.
