Symantec discovers botnet targeted at Chinese users

Symantec discovers botnet targeted at Chinese users

Symantec, widely known for their Norton antivirus software, has just released a blog post that caught our attention, and it might even worry you as well. Apparently, Symantec has discovered a botnet that’s aimed at Chinese users on two specific networks (although the names of said networks weren’t mentioned). You can take a look at the extensive post by Symantec, but essentially, it’s bundled into a normal application, one that’s not on the Android Market as we suspect that Google would catch something like this.

Basically, once the application is installed, a clean version of the software, along with a “malicious application,” are installed. The latter, Android.Bmaster, then triggers a connection between the infected phone and a remote server, where the initial application downloads an APK. This APK, a Remote Administration Tool (RAT), begins running, which allows the server to issue commands to the device itself. The malware can then send user data to the server, including IMEI numbers, IMSI numbers, Cell IDs, area codes where the phone was pinged recently, and mobile network codes.

According to Symantec, this vicious malware has been available since September of 2011, and the infected devices appear to be in the hundreds of thousands. Not only that, it’s also somehow gaining revenue from each device. Android.Bmaster is generating $1,600 to $9,000 per day, and if those numbers continue, it could earn over $547,000 per year. There’s no clear path as to what Symantec (or the Chinese carriers whose devices are infected) plan to do about this malware, but we’ll keep you posted if any new information comes in.

So is anyone surprised by this malware? Do you think more should be done to protect Android users from such attacks? Let us know by leaving a comment!

About author

Justin Marden
Justin Marden 488 posts

I've been an Android fanboy since day one, but I've never had a chance to truly express my voice and be a part of the Android Community. When AndroidGuys starting accepting applications for interns, I saw my opportunity. I joined the AndroidGuys team and haven't looked back!

You might also like

News and Rumors

Analysis shows Android makes up 70% of smartphones in Q4

Canalys, a company that has made a living doing analytics, has released some new information concerning the penetration of Android into the smartphone market. According to their research, not only

News and Rumors

Galaxy Nexus Press Release

Samsung and Google introduce GALAXY Nexus World’s First Smartphone to feature Android 4.0 Ice Cream Sandwich and a HD Super AMOLED display Hong Kong – October 19, 2011 – Samsung Electronics


TiVo app and TiVo Roamio Pro: dual review

For 2015, TiVo has decided to completely revamp their mobile app on the Google Play Store. Previously, the last time the current app was updated was on October 13, 2014.


  1. Leif
    February 08, 17:52 Reply

    Well, the other Website Symantec linked says enough: 
    “Though this requires user consent, if such consent is given”

    When people click on stuff they don’t read it’s their own fault.

    • Anonymous
      February 09, 00:26 Reply

      hey that normal app must be really worth it

  2. Icc85
    February 09, 10:36 Reply

    Man this what the third time SYMC has cried wolf. The the two other times they were flat wrong. I have about as much trust in SYMC as I do with those guys selling real rolex watches for 290 bucks.they just need to step away from Android OS if this on turns out to be wrong.

Leave a Reply