The Inquirer-Home

24,000 Android devices are hit by XXXX.apk mobile botnet

Uses WiFi networks and hotspots to steal information like users' locations
Thu Jan 09 2014, 15:49
Google Android Malware

JUST WHEN YOU THOUGHT Android security couldn't get any worse, another class of mobile spy malware has been uncovered and is said to be affecting thousands of Android devices, gleaning users' location information from nearby hotspots and connections home Wifi.

LA based cybercrime research company Intelcrawler made the discovery and described the threat as a mobile botnet named XXXX.apk.

Finding the culprit on "thousands of cell phones", Intelcrawler said the intent of the malicious code is to gather credentials and information about WiFi networks, including the SSID of a wireless network, frequency, model of phone, type of encryption, password and system time of the device to acquire understanding about when information was received, including GPS coordinates of a found hotspot.

The malware then collects additional information about the victim's device, such as its temperature, the type of battery, present voltage, battery status and if it is connected to USB or not. It can also gain information about the GSM cell location and cellular operator, which could help identify the victim's probable location.

The botnet has been found on 23,856 compromised smartphones in all, including the HTC Sensation and Amaze 4G, the Google Nexus, Samsung GT I9300, Galaxy Note 2, LG Motion 4G, Huawei U8665 and the Alcatel One Touch.

"One aspect of the malware seems to detect the cell phone connection to the PC through USB, which could allow for its wireless detection work to be done without degrading the battery power. It also might be an avenue into the PC in the next generation of the malware," Intelcrawler said in a report sent to The INQUIRER.

Intelcrawler also claims that the malware uses the phone as a zombie device to collect data about all nearby hotspots without authorisation.

"It was determined that the compromised devices have sent more than one million access points from all over the world - which means that each 'zombie' cell phone sent in nearly 40 to 50 hotspots during the time of infection."

Hotspot locations were found in Europe, China, the US, Israel, India, Singapore and Russia.

"Privacy in the modern world is a great challenge, you never know who is looking at you and why. Cell phone malware that can track your location and possibly even sniff your home wireless network for a possible hack, poses a serious threat to everyone," the security firm's CEO Andrey Komarov warned. µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Heartbleed bug discovered in OpenSSL

Have you reacted to Heartbleed?