Attack of the Android Zombies

Photograph by David Paul Morris/Bloomberg

Those free Android apps you download may end up costing you more than you know.

(Corrected date when Cloudmark published its report.)

A scourge of the personal computer has come to the smartphone.

Anti-spam company Cloudmark said Dec. 16 that its researchers have spotted what they say is a first-of-its-kind “botnet” comprised of more than 800 Android smartphones. The infected devices are being used to send thousands of spam text messages.

Botnets supply massive computing power by tying together thousands or even millions of infected PCs, known as zombies, to steal information, send spam or attack other computers. Hackers sell access to the network to spammers and other nefarious netizens. Now, with the rise of text messaging, some hackers are targeting smartphones for profit.

This botnet is made up of phones that were infected when users responded to spam text messages offering free versions of games such as “Need for Speed Most Wanted,” according to Cloudmark and Lookout Security, a maker of mobile-security software. Along with the games, downloaded from a server in Hong Kong, the would-be pirates also got an infection that turned their phones into spam-spewing robots. The malware, which hides itself by removing its icon from the system, automatically targets phone numbers on a master list.

As consumers move away from PCs and toward mobile devices for everyday computing, hackers are following. But it’s not easy to infect phones, as mobile-software makers have learned from mistakes of the PC era.

One reason this botnet is limited to only 800 or so devices is because Android typically places barriers on downloading applications from anywhere but the official Google Play store. Android also prompts users with meticulous details about the information their apps intend to access, a warning many people ignore. Google representatives did not immediately respond to a message.

The unlucky “Need for Speed” fans who were seeking a free ride could end up with a bill for thousands of text messages they didn’t send. Suddenly, the $6.99 price tag suddenly doesn’t look so bad.

What do you think about this article? Comment below!