06th Jul, 2012
New Android Spam Malware Sneaks In Via Yahoo! Mail
Messages containing animated images being sent via the Yahoo! Mail app; botnet's origin is yet unknown.
The Android platform has seen its share of malware attacks. Many unsuspecting users have fallen prey to inflated mobile bills, courtesy of outgoing SMSs and calls. However, SophosLabs has uncovered a new spam botnet that aims to monetize mobile malware, reportedly by exploiting Yahoo! Mail's Android app.
Naked Security adds, "The messages appear to originate from compromised Google Android smartphones or tablets. All of the samples at SophosLabs have been sent through Yahoo!'s free mail service and contain correct headers and DKIM signatures".
Apparently, some of the images in these spam messages, which end with the footer "Sent from Yahoo! Mail on Android", are animated, which inflates your data usage charges.
Initially, it was not clear whether this malware originated from infected Android devices or from Yahoo! Mail's servers. In a new update, SophosLabs has clarified that the images have not been forged, as was believed earlier. However, the origin of the malware is yet to be ascertained.
The post explains, "We either have a new PC botnet that is exploiting Yahoo!'s Android APIs or we have mobile phones with some sort of malware that uses the Yahoo! APIs for sending spam messages". It further states, "One strike against the theory is that the accounts used to send the spam appear to be randomly generated, not like the messages are being sent using victim Yahoo! accounts. The other strike is the total absence of malware using the Yahoo! Android API for either platform. Until we find a sample targeting Windows, Mac or mobile phones, it will remain a mystery. I'm sure the mystery will be solved, but we don't know the answer right now".
Microsoft's Terry Zink hints on his blog that the bot did indeed originate from infected Android devices. He adds, "The reason these messages appear to come from Android devices is because they did come from Android devices".
Google has issued a statement that says, "The evidence we’ve examined does not support the Android botnet claim. Our analysis so far suggests that spammers are using infected computers and a fake mobile signature to try to bypass anti-spam mechanisms in the email platform they’re using. We’re continuing to investigate the details".
Whatever the case, until experts figure out how this bot operates and where exactly it originated, users are advised to install apps from trusted sources only.