company “Doctor Web” found a large botnet of 200,000 infected mobile devices based on the operating system Android.
domestic anti-virus vendor “Doctor Web,” said the discovery of “the world’s largest botnet of infected mobile devices based on the operating system Android”. The company says that it knows about more than 200 thousand units, belonging to the family of infected Android.SmsSend, its member, with most of them located in the CIS: 128458 units owned by Russian users, 39020 21555 Ukrainian and Kazakhstan, according to CNews.
Compromise devices occurred through a variety of Trojans, including a new Trojan Android.SmsSend.754.origin, distributed under the guise of the application Flow_Player.apk. In addition to his Trojans were used to infect Android.SmsSend.412.origin, disguised as a browser, Android.SmsSend.468.origin, disguised as a client for social networks, “Classmates” and Android.SmsSend.585.origin.
when attempting to implement programs in the operating system require the user to run it with administrator rights. After installing the Trojan botnet operators they send data about the infected device: identifier IMEI, data sheet, the victim’s phone number, cell phone model and OS version.
The command server Android.SmsSend.754.origin can send SMS (including for premium numbers), to carry out SMS-mailing to contacts of the infected phone, including malicious links, spontaneously open in the browser the desired Web page and etc.
In “Doctor Web” talk about the extensions Android.SmsSend.754.origin as one of the most popular cases of mobile devices running Android, recorded in the current half year and assess the damage caused to the victims of this incident as “many hundreds of thousands dollars “.
Antivirus expert “Kaspersky Lab” Victor Chebyshev odds with the “Doctor Web” in assessing the scale of botnets, and doubts that speaking about 200 million smartphones infected his colleagues call the real numbers. However, says Chebyshev, his company was able to prevent more than 150 million attempts to infect smartphones only one family from the class of Trojan-SMS, where the classification “Kaspersky” is Android.SmsSend.754.origin.
In the nomenclature of “Kaspersky Lab” family Android.SmsSend class called Trojan-SMS, and include in it more than 6 million malicious applications from different families. Included in this class Android.SmsSend.754.origin, which, according to “Doctor Web” built the largest botnet Android-smartphone in the “Lab” are not considered the most widespread malicious program.
One of the periods of active dissemination Android.SmsSend.754.origin (in the classification of “Kaspersky” Trojan-SMS.AndroidOS.Opfake.a), was recorded in mid-August 2013 on the data transmitted in the “Lab” an unnamed Russian mobile operator for controlling five o’clock it was sent out to subscribers of more than 600 SMS with a link to a modified Trojan-SMS.AndroidOS.Opfake.a. In most cases, says Victor Chebyshev, sending malicious SMS occurred with already infected devices, while usually such mailings are made with SMS-gateways.