Android botnets? Not so, says Google
A couple of days ago Microsoft researcher Terry Zink claimed he’d uncovered evidence of Android phones being used as part of a botnet to send spam from Yahoo Mail servers. In his blog post on July 3rd he reported that the spam, which included "androidMobile" in the message header, and "Sent from Yahoo! Mail on Android" at the bottom of the emails, was being sent from devices located in Chile, Indonesia, Lebanon, Oman, Philippines, Russia, Saudi Arabia, Thailand, Ukraine and Venezuela. He then went on to speculate that users of the infected phones might have installed Trojanized pirated versions of legitimate apps, and become infected that way.
Security experts Sophos agreed with his findings after running investigations of its own on the spam messages, but didn’t actually find or test any of the supposed malware itself. Google has since denied that any Android devices have been compromised in this way, stating that there was no evidence to prove Zink’s claim and that the junk messages had just been formatted to look as if they originated on Android handsets.
"Our analysis suggests that spammers are using infected computers and a fake mobile signature to try to bypass anti-spam mechanisms in the email platform they're using," a Google spokesperson says in a statement.
In a follow-up blog post, Zink agrees that the headers could have been spoofed, but still feels there’s every chance that the messages were sent from compromised devices.
At the moment there’s no way to know for certain, but as Android malware is definitely on the rise, it’s not beyond the realms of possibility.