Symantec detailed a new case of mobile malware called Android.Bmaster and this is one nasty piece of work.
Its target is mainly Android users on Chinese networks, though the malicious software has been found on other networks as well. It lurks on a third-party marketplace, which is good news for people who strictly use the official Android Market for apps and it is packaged with a legitimate app for customizing phone settings.
The motive for Android.Bmaster is money. Android users with an infected device are forced to pay up whether they like it or not. The remote server is capable of sending out text messages or phone calls to paid services like pay-per-view video or premium phone subscription services. Symantec estimates that anywhere from 10,000 to 30,000 devices are infected. That equals out to between $1,600 and $9,000 per day or $547,500 to $3,285,000 per year in profit for the botmaster. You read that right: at this rate, the botmaster could gain millions of dollars in profit annually.
Malware on Android is becoming a serious threat to consumers. Just last week, we reported different malware that alone could infect up to five million devices. Since Android does not put apps through rigorous security checks like Apple’s iOS App Store does, developers submit malicious apps with ease. A few days ago, Google announced Bouncer in an effort to fight back against these countless security threats, but it can’t protect third-party app stores and removes apps once they’re in the Market, which might be too late for some.