Smartphone Botnets Arrive.

For some time now we have been predicting that the next evolution in smartphone malware will be for this type of malware to move closer to parity with traditional desktop malware. This has now been confirmed by Trend Micro, who have found a variant of malware, ANDROIDOS_ANDROIDSERVERBOT.A, apparently originating from China, that masquerades as an e-book reader app. Once on an infected device, this malware uses an internet blog site as its Command and Control server, joining infected devices into an army of zombie smartphones:

Permissions requested by ANDROIDOS_ANSERVERBOT.A

“From our analysis, we found that this malware has two hardcoded C&C servers to which it connects in order to receive commands and to deliver payloads. The first server is just like the usual remote site to which the malware posts information to and gets commands from. The second C&C server, however, caught our attention more. This is a blog site with encrypted content, which based on our research, is the first time Android malware implemented this kind of technique to communicate.”

Image showing how ANDROIDOS_ANDROIDSERVERBOT.A uses its C&C

In an additional element of parity, this malware also has the capability to disable on-device security software, terminating the following Chinese security apps:


Smartphones are full computing platforms. This latest threat evolution was entirely predictable, yet in my view very little is being done at the consumer end or even at the telco end to protect against the impact this sort of infection could represent.

Just imagine an army of millions of infected phones all calling premium rate numbers or sending out spam emails….
