Google Denies Microsoft’s Android Botnet Report

Google Android MalwareGoogle has lashed out at Microsoft researcher Terry Zink, claiming there is no evidence to support his warning that a new botnet is forcing infected Android phones to churn out spam.

The search giant said in a statement that its own internal research indicated the spam messages were stemming from PCs, as opposed to smartphones.

“Our analysis suggests that spammers are using infected computers and a fake mobile signature to try to bypass anti-spam mechanisms in the email platform they’re using,” said Google.

The Android botnet reports initially stemmed from Zink, when he claimed to have discovered evidence that a botnet had successfully infiltrated the Android ecosystem.

In his post Zink warned that a new form of the malware was accessing Yahoo Mail accounts on Android devices to send spam messages.

He also reported tracking the originating IP addresses to Asia, Eastern Europe, South America, and the Middle East.

If true the botnet would be the first ever discovered successfully targeting the Android ecosystem.

Since Google’s attack Zink has issued a second blog post admitting the spam headers could have been spoofed to make it look like they came from Android devices instead of a PC.

“Yes, it’s entirely possible that bot on a compromised PC connected to Yahoo Mail, inserted the message-ID thus overriding Yahoo’s own Message-IDs and added the ‘Yahoo Mail for Android’ tagline at the bottom of the message all in an elaborate deception to make it look like the spam was coming from Android devices,” wrote Zink.

“The other possibility is that Android malware has become much more prevalent and because of its ubiquity, there is sufficient motivation for spammers to abuse the platform. The reason these messages appear to come from Android devices is because they did come from Android devices.”

Other security vendors have also reported finding evidence that the spam stemmed from Android.

Initially Sophos issued its own report verifying that it too had discovered evidence of a botnet running on infected Android smartphones.

Lookout chief technology officer Kevin Mahaffey suggested that rather than malware on the Android devices, a more likely explanation was the behavior was attributable to Yahoo’s Android email app.

“We’ve reached out to Yahoo with this information and they have acknowledged that their mobile team is actively working on these issues,” Lookout said in a company blog.

The news follows on from warnings by security firm Trend Micro that cyber criminals are flocking to the Android ecosystem.

This article was originally published on V3.

Related reading

top trends to increase value from paid search spend
what can we learn from voice search in 2018?
Google Ads 2019: What to look out for
mobile search and video in 2019: how visible are you?