The AndroidBauts botnet is a network of infected Android devices that are used for promoting advertisements to users online. At one point, the number of infected devices was more than 550,000. The creators of the AndroidBauts botnet are able to gather data about both the software and the hardware of the compromised devices. Most of the infected devices appear to be located in India and Indonesia. However, a significant number of compromised Android devices that belong to the AndroidBauts botnet can also be found in Russia, Argentina, Vietnam, Malaysia and other countries.
Propagated via Fake Applications
The operators of the AndroidBauts botnet are likely to have infected this staggering number of devices by hosting fake applications on the official Google Play Store. Users tend to be less careful when they are downloading applications from the Google Play Store because they believe the developers would not allow any potentially unsafe applications on their platform, but this is not always the case. Since the activity of the AndroidBauts botnet was detected, the Google Play Store has taken down all applications related to the adware. However, despite these efforts, it is highly likely that thousands of Android devices around the world are still being compromised by the threat.
AndroidBauts’ Other Capabilities
Apart from spamming users with advertisements, the AndroidBauts adware can serve as an information-gathering tool. This adware can gather:
- The Android version.
- Information about the administrator privileges of the user.
- The unique hardware address (MAC) of the device.
- Information about the processor model, frequency, number of cores and manufacturer.
- Phone numbers 1 and 2, if the user has two SIM cards installed.
- Size of the phone storage and availability and size of the memory card.
- IMSI, IMSI2, IMEI and IMEI2.
The operators of the AndroidBauts adware are able to execute remote commands on the compromised host. The information collected by the adware is transferred to the server of its operators. Using the device data sent to them, the AndroidBauts operators can see whether the device is currently online, check the status of the advertisements, send a new ad request, or update information regarding the device if there are any new inputs.
Keeping in mind the functionality of the AndroidBauts adware, it is not unlikely that its operators may opt to use it in a much more harmful manner in the future. However, for now, it is just adware that is likely to cause users irritation, and thus it is recommended that they remove it from their Android device.