Android.Bmaster: A million-dollar mobile botnet

Jump to navigation Jump to search

(Publication) Link to the old Wiki page : [1] / Google search: [2]

Android.Bmaster: A million-dollar mobile botnet
Botnet Bmaster
Malware RootSmart
Botnet/malware group
Exploit kits
Distribution vector
Operation/Working group
Date 2012 / 2012 02 09
Editor/Conference Symantec
Link (Archive copy)
Author Cathal Mullaney


We recently came across a new piece of Android malware, first highlighted by NC State’s Xuxian Jiang, and began investigating the command-and-control (C&C) servers associated with the threat. The malware was discovered on a third party marketplace (not the Android Market) and is bundled with a legitimate application for configuring phone settings. Trojanized applications are a well known infection vector for Android malware, as they allow malware to be distributed while retaining the appearance of a legitimate application.

Analysis of these servers indicate the total number of infected devices connected to the botnet over its entire life span numbered in the hundreds of thousands. The number of infected devices on a given day able to generate revenue was 10,000 to 30,000 on average, enough to potentially net the botmaster millions of dollars annually if infection rates are sustained. Profit estimations can be found in the "Revenue generation" section below. So far, the botmaster has been operating at these rates since September 2011. The botnet targets mobile users in China (the Trojanized application is only available for download from third-party Chinese markets). Revenue generation through premium SMS, telephony, and video services is also limited to the networks of China's two largest mobile carriers. Since the botnet has been active for a considerable amount of time, the botmaster has already earned hundreds of thousands of potential dollars during its operation. Also, while this is not the first botnet of this type we have found, this is the first time we are revealing detailed information regarding profitable revenue generation.


   editor = {Symantec},
   author = {Cathal Mullaney},
   title = {Android.Bmaster: A million-dollar mobile botnet},
   date = {Error: Invalid time.},
   month = Error: Invalid time.,
   year = {2012},
   howpublished = {\url{}},