Microsoft researcher believes cyber criminals have created Android botnet

Spammers appear to have found a way to harness Google Android smartphones to send out spam, according to a Microsoft researcher.

Terry Zink believes people have downloaded a rogue app to the Android phone. Then, if the user has a Yahoo email account, the app hacks into this to send out spam through that account.

"I am betting the users of those phones downloaded some malicious Android app in order to avoid paying for a legitimate version and they got more than they bargained for.  Either that or they acquired a rogue Yahoo Mail app.

"The messages all come from Yahoo Mail servers. They are all from compromised Yahoo accounts. They are sending all stock spam – the typical pump and dump variety we've seen for years," he said in his blog.

Google users have been plagued by rogue apps, despite the search giant introducing new measures, such as automatic scanning of apps, to clamp down on the problem. Zink added that this is the first time he has seen smartphones being used as part of a botnet – compromised PCs that are used to send out spam or malware.

Most spam is originating from Android devices is countries including Chile, Indonesia, Lebanon, Oman, Philippines, Russia, Saudi Arabia, Thailand, Ukraine and Venezuela.

Graham Cluley of security firm Sophos said the idea of an Android botnet was very plausible and researchers have shown it can be done. But he added that so far there was no evidence cyber criminals had actually managed to do this.