Microsoft engineer Terry Zink has discovered Android devices are being used to send spam. He has identified an international Android botnet and outlined the details on his MSDN blog.
Android malware is on the rise. There have been many fake versions of Android apps (see links below) that try to cash in by sending expensive SMS messages. This is different.
In this case, the money is being generated after spam e-mails are sent from Yahoo Mail servers on Android devices. A closer look at the e-mails' header information shows all the messages come from compromised Yahoo accounts. Furthermore, they are also stamped with the "Sent from Yahoo! Mail on Android" signature.
As such, Zink believes a cybercriminal has developed a new piece of malware that can access Yahoo Mail accounts on Android devices and send spam messages from them. Since this is happening on a large scale, it follows the perpetrator has also linked the Android devices together to create a spam botnet, a technique often used when trying to monetize spam; it's all about volume, volume, volume.
Since Yahoo provides the originating IP address for the e-mails, Zink was able to figure out where the spam is being sent from: Asia, Eastern Europe, the Middle East, and South America. More specifically, the e-mails Zink got his hands on came from Chile, Indonesia, Lebanon, Oman, Philippines, Russia, Saudi Arabia, Thailand, Ukraine, and Venezuela.
Most of these countries are in the developing world, and so the Microsoft engineer argues that users likely tried to download pirated versions of apps to avoid paying. Alternatively, they were tricked into downloading a fake version of the Yahoo Mail app. Either way, it's unlikely they used the official Google Play store.
Android lets you download and install apps from anywhere. Please only install apps from Google Play unless you are absolutely certain you know who wrote the software you want to install. Fighting malware isn't just the responsibility of security firms: you can help by being smart about what you install.