FILED UNDER: FeaturedMalwareMobileSpam
Android pill pusherThe plot of the Android malware story thickens. SophosLabs has discovered the latest way to monetize mobile malware, using it as a spam botnet.
Historically mobile malware has made money from capturing SMS messages used for online banking authentication and sendingpremium-rate SMS messages to collect the subscription fees.
The messages appear to originate from compromised Google Android smartphones or tablets. All of the samples at SophosLabs have been sent through Yahoo!'s free mail service and contain correct headers and SPF signatures.
The first samples we analyzed were text only, but some other samples also contain images. An example pharmacy spam reads:
Incredible National Rx Store
Now offering medications for Weight Loss, Diabetics, Pain Reduction!!!
Reduced Prescription's
Viagra+Cialis Super Active, Alprazolam, Vicodin etc...
Pick Up You're Meds for 75% Off Today

Sent from Yahoo! Mail on Android
Some of the image spams not only have a graphic, but an animated one!
Android spam with animated pharma GIF
You can imagine the cellular phone bill you might receive if your phone is being used to download and spam out thousands of these messages.
Even if you thought you were going to buy some counterfeit Viagra from criminals because you are too embarrassed to see your physician, it is still a classic bait and switch. The URL leads to a knock-off "herbal Viagra" the performs miracles with no side effects.
It is likely that Android users are downloading Trojanized pirated copies of paid Android applications. The samples we analyzed originated in Argentina, Ukraine, Pakistan, Jordan and Russia.

Read More