The domestic antivirus vendor “Doctor Web” has announced the discovery of “the world’s largest botnet of infected mobile devices running the Android OS”.
The company says it knows of more than 200 thousand devices in the botnet, infected with Trojans of the Android.SmsSend family, and most of them are located in the CIS: 128458 devices belong to Russian users, 39020 to Ukrainian users and 21555 to Kazakh users.
The devices were compromised by a variety of Trojans, including a new Trojan, Android.SmsSend.754.origin, distributed under the guise of the application Flow_Player.apk.
Also used for infection were the Trojans Android.SmsSend.412.origin, disguised as a browser, Android.SmsSend.468.origin, disguised as a client for the social network “Facebook”, and Android.SmsSend.585.origin.
When they attempt to install themselves in the operating system, the programs require the user to run them with administrator rights. After installation, the Trojan sends the botnet operators data about the infected device: the IMEI identifier, data sheet, the victim’s phone number, the cell phone model and the OS version.
On command from the server, Android.SmsSend.754.origin can send SMS (including to premium numbers), carry out SMS mailings to the contacts of the infected phone, including ones with malicious links, open a desired web page in the browser on its own, and so on.
[Figure: botnet distribution map, according to “Doctor Web”]
“Doctor Web” describes the spread of Android.SmsSend.754.origin as one of the most widespread cases of infection of mobile devices running Android recorded in the current half year, and assesses the damage caused to the victims of this incident as “many hundreds of thousands of dollars”.
“Kaspersky Lab” antivirus expert Victor Chebyshev disagrees with “Doctor Web” in assessing the scale of the botnet, and doubts that his colleagues, in speaking about 200 million infected smartphones, are citing real numbers.
However, Chebyshev said, his company was able to prevent more than 150 million attempts to infect smartphones by only one family from the Trojan-SMS class, which is where the “Kaspersky” classification places Android.SmsSend.754.origin.
In the nomenclature of “Kaspersky Lab” the Android.SmsSend family is called the Trojan-SMS class, and it includes more than 6 million malicious applications from different families. Android.SmsSend.754.origin, which is included in this class and on which, according to “Doctor Web”, the largest botnet of Android smartphones is built, is not considered by “Kaspersky Lab” to be the most widespread malicious program.
One of the periods of active distribution of Android.SmsSend.754.origin (in the “Kaspersky” classification, Trojan-SMS.AndroidOS.Opfake.a) was recorded in mid-August 2013.
According to data passed to “Kaspersky Lab” by an unnamed Russian mobile operator, over five hours more than 600 SMS with a link to a modified Trojan-SMS.AndroidOS.Opfake.a were sent out to subscribers. In most cases, says Victor Chebyshev, the malicious SMS were sent from already infected devices, whereas such mailings are usually made through SMS gateways.
Some devices infected with Trojan-SMS.AndroidOS.Opfake.a were leased out to distribute another Trojan, Backdoor.AndroidOS.Obad.a, the “Kaspersky” experts say. That Trojan, in turn, has been called by “Kaspersky Lab” “the most sophisticated mobile Trojan”; it can send SMS to premium numbers, install other malware on the infected device by itself and execute commands from a remote server.