
AndroidBauts

The AndroidBauts botnet is a network of infected Android devices that are used for promoting advertisements to users online. At one point, the number of infected devices was more than 550,000. The creators of the AndroidBauts botnet are able to gather data about both the software and the hardware of the compromised devices. Most of the infected devices appear to be located in India and Indonesia. However, a significant number of compromised Android devices that belong to the AndroidBauts botnet can also be found in Russia, Argentina, Vietnam, Malaysia and other countries.

Propagated via Fake Applications

The operators of the AndroidBauts botnet are likely to have infected this staggering number of devices by hosting fake applications on the official Google Play Store. Users tend to be less careful when they are downloading applications from the Google Play Store because they believe the developers would not allow any potentially unsafe applications on their platform, but this is not always the case. Since the activity of the AndroidBauts botnet was detected, the Google Play Store has taken down all applications related to the adware. However, despite these efforts, it is highly likely that thousands of Android devices around the world are still being compromised by the threat.

AndroidBauts’ Other Capabilities

Apart from spamming users with advertisements, the AndroidBauts adware can serve as an information-gathering tool. This adware can gather:

  • The Android version.
  • Information about the administrator privileges of the user.
  • The unique hardware address (MAC) of the device.
  • Information about the processor model, frequency, number of cores and manufacturer.
  • Phone numbers 1 and 2, if the user has two SIM cards installed.
  • The size of the phone storage, and the availability and size of the memory card.
  • IMSI, IMSI2, IMEI and IMEI2.

The operators of the AndroidBauts adware are able to execute remote commands on the compromised host. The information collected by the adware is transferred to the server of its operators. Thanks to the device data that is sent to the AndroidBauts operators, they can see whether the device is currently online, check the status of the advertisements, send a new ad request, or update information regarding the device if there are any new inputs.

Keeping in mind the functionality of the AndroidBauts adware, it is not unlikely that its operators may opt to use it in a much more harmful manner in the future. However, for now, it is just adware that is likely to cause users irritation, and thus it is recommended that they remove it from their Android device.
