Android Malware Spreads Spam Through Yahoo Mail Accounts and Creates Botnets

android-malware-appsThose who use mobile devices running Android may want to take note of the latest Internet security threat that could take over mobile phones to spread spam through a botnet.

Terry Zink, a Microsoft security engineer, has claimed that Android mobile phones could spread spam through a botnet designed to take control of specific Yahoo accounts. The new botnet, which will essentially log into user's Yahoo accounts, will send out a plethora of spam emails to various recipients potentially spreading malicious links or malware threats.

Through the findings of Zink, he has claimed that the infected Android phones were found in several countries including Chile, Lebanon, Indonesia, Russia, Saudi Arabia, Venezuela, Thailand, Oman, the Ukraine, and the Philippines. The main culprit in this situation remains to be a rogue Yahoo Mail app.

The emergence of malware on Android devices, including cell phones, is really nothing new. We have reported on instances where Android devices were the brunt of malware attacks from Trojans and other threats in the past. Moreover, Android and other smartphone operating systems were highlighted on our list of security and malware trends to expect in the coming years.

Usually, as we have noted in previous reports, Android malware is spread primarily through free Android apps. Many Android users will take to sources over the Internet to download and install free apps, some of which are laced with malware. Users who opt for these free apps take a peril gamble on whether the app is infected with malware. In this particular case, a security engineer uncovered a rogue Yahoo mail app, which is being circulated over the Internet through free Android app channels. "I am betting that the users of those phones downloaded some malicious Android app in order to avoid paying for a legitimate version, and they got more than they bargained for," wrote Zink.

In a nutshell, this rogue Yahoo Mail App could turn an Android device into a virtual zombie, where it is controlled through a botnet operated by cybercriminals. Android devices are powerful machines, some just as powerful as a PC. Now Android powered devices can do things just like a PC, which means they naturally become a target for cybercrooks in conducting malicious behavior over the Internet.

Let this be a lesson for smartphone users to avoid obtaining apps from unfamiliar sources. Additionally, paying for an app may be worth it versus obtaining a free version and later bow at the mercy of some hacker who has infected your device through a malware-laced app.

Remember, there are over a billion smartphones activated around the world at the current moment. Most of them are connected to the Internet. All it takes is one malicious app to serve up a dish of malware and potentially infect hundreds to thousands of smartphone other 'connected' smartphones.

Have you ever downloaded or installed a malicious Android App? Did you do it by accident or purposely downloaded the app not knowing if it could be a dangerous threat?