Android.Bmaster: A million-dollar mobile botnet

From Botnets.fr
Revision as of 16:22, 7 February 2015 by Eric.freyssinet (talk | contribs) (1 revision imported)


Botnet: Android.Bmaster
Malware: RootSmart
Date: 2012 / 9 February 2012
Editor/Conference: Symantec
Link: http://www.symantec.com/connect/blogs/androidbmaster-million-dollar-mobile-botnet (www.symantec.com)
Author: Cathal Mullaney

Abstract

We recently came across a new piece of Android malware, first highlighted by NC State’s Xuxian Jiang, and began investigating the command-and-control (C&C) servers associated with the threat. The malware was discovered on a third-party marketplace (not the Android Market) and is bundled with a legitimate application for configuring phone settings. Trojanized applications are a well-known infection vector for Android malware, as they allow malware to be distributed while retaining the appearance of a legitimate application.

Analysis of these servers indicates the total number of infected devices connected to the botnet over its entire life span numbered in the hundreds of thousands. The number of infected devices on a given day able to generate revenue was 10,000 to 30,000 on average, enough to potentially net the botmaster millions of dollars annually if infection rates are sustained. Profit estimations can be found in the "Revenue generation" section below. So far, the botmaster has been operating at these rates since September 2011. The botnet targets mobile users in China (the Trojanized application is only available for download from third-party Chinese markets). Revenue generation through premium SMS, telephony, and video services is also limited to the networks of China's two largest mobile carriers. Since the botnet has been active for a considerable amount of time, the botmaster has already earned hundreds of thousands of potential dollars during its operation. Also, while this is not the first botnet of this type we have found, this is the first time we are revealing detailed information regarding profitable revenue generation.

Bibtex

 @misc{2012BFR863,
   editor = {Symantec},
   author = {Cathal Mullaney},
   title = {Android.Bmaster: A million-dollar mobile botnet},
   date = {2012-02-09},
   month = feb,
   year = {2012},
   howpublished = {\url{http://www.symantec.com/connect/blogs/androidbmaster-million-dollar-mobile-botnet}},
 }