August 29, 2014

Symantec discovers botnet targeted at Chinese users


Symantec, widely known for its Norton antivirus software, has just released a blog post that caught our attention, and it might worry you as well. Apparently, Symantec has discovered a botnet aimed at Chinese users on two specific networks (although the names of those networks weren’t mentioned). You can take a look at the extensive post by Symantec, but essentially, the malware is bundled into a normal application, one that’s not on the Android Market, as we suspect that Google would catch something like this.

Basically, once the application is installed, both a clean version of the software and a “malicious application” are installed. The latter, Android.Bmaster, then triggers a connection between the infected phone and a remote server, from which the initial application downloads an APK. This APK, a Remote Administration Tool (RAT), begins running, which allows the server to issue commands to the device itself. The malware can then send user data to the server, including IMEI numbers, IMSI numbers, Cell IDs, area codes where the phone was pinged recently, and mobile network codes.

According to Symantec, this vicious malware has been available since September of 2011, and the number of infected devices appears to be in the hundreds of thousands. Not only that, it’s also somehow generating revenue from each device. Android.Bmaster is generating $1,600 to $9,000 per day, and if those numbers continue, it could earn over $547,000 per year. It’s not clear what Symantec (or the Chinese carriers whose devices are infected) plans to do about this malware, but we’ll keep you posted if any new information comes in.

So is anyone surprised by this malware? Do you think more should be done to protect Android users from such attacks? Let us know by leaving a comment!