Said by ThreatPost: A newly discovered malicious application circulating on third-party Android markets in China has created a botnet that contains more than 100,000 compromised devices, researchers report.
Researchers from NC State University and Symantec say the malware, dubbed RootSmart, installs a known remote access trojan (aka BMaster).
It is capable of stealing a wide range of information from infected Android devices running versions earlier than 2.3.3 and 3.0.
It may be ginning up illicit profits with premium SMS and telephony scams, according to the report from NC State and Symantec.
The Android botnet is mostly confined to China and is the largest such mobile botnet documented to date. With infections that date to September 2011, the Android botnet sported 11,000 active devices generating revenue for the botmaster as recently as last week.
Data from January shows 29,000 active devices, according to Symantec, which analyzed data from a command and control server used by the botnet.
RootSmart uses the GingerBreak jailbreak. Once installed in the guise of the host application, RootSmart fetches the GingerBreak jailbreak and then uses it to elevate its privileges on the device and install both the BMaster remote administration tool and malware from its C&C server, including the DroidLive malware.
That infection technique is similar to a proof of concept illustrated by security expert Jon Oberheide in 2010.
Though reliable data on the size and operation of the botnet isn't available, Symantec estimates that it could be generating anywhere between $1,600 and $9,000 per day and $547,500 to $3,285,000 per year for its operators, depending on how many infected devices the botmasters are able to sustain.
Synopsis: