Cathal Mullaney, Symantec
At the start of February 2012, we came across an interesting example of a fully functional Android botnet. When we first began analysing the malware, it seemed like a relatively pedestrian Android remote administration tool (RAT). After further analysis, we noticed some unusual functionality written into the RAT and began to investigate the command-and-control (C&C) server used to control compromised devices. We found a very large, revenue-generating botnet targeting users in mainland China. From the revenue data, we estimated the potential turnover of the botnet at millions of dollars annually.
More recently, we have investigated a variant of Android.Backscript (MDK Botnet). This appears to be an even bigger botnet infrastructure operating out of mainland China.
In this paper I will provide the following:
The number of end-users that currently own Android smartphones makes this an attractive attack vector for malware authors. When coupled with targeted infections, like Android users in mainland China, this type of botnet can be extremely lucrative.
VB2013 takes place 2-4 October 2013 in Berlin, Germany.
The full programme for VB2013, including abstracts for each paper, can be viewed here.