An Android botnet dubbed "SpamSoldier" is active, according to a blog post by mobile device security specialists Lookout, and it is spreading through SMS spam that promises free games such as Need for Speed or Angry Birds Space. Users who respond to SMS spam offering these free games by clicking on a link in the message actually download a bogus "installer" app which, when run, activates the SpamSoldier trojan. It immediately removes its icon from the launcher and may cover its tracks further by downloading a free version of the game it was supposedly offering.

The app then contacts a remote command and control (C&C) server and pulls down an SMS spam message along with 100 US phone numbers to send it to. It works through the list as fast as possible, sending the SMS spam messages, then downloading more from the C&C server until it is stopped or the C&C stops responding. SpamSoldier also removes outgoing messages from the user's view and tries to intercept any SMS replies to keep the device owner in the dark.
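The sending pattern described above (one identical message pushed to a batch of 100 numbers as fast as possible) is visible in outbound SMS records. The following is an added example, not Lookout's detection logic or code from the article; the record format, window and threshold are assumptions, and the sample data is constructed.

```python
from collections import defaultdict, deque
import hashlib

WINDOW_SECONDS = 300   # assumed look-back window
MIN_RECIPIENTS = 20    # assumed threshold; tune against normal traffic

def find_bulk_senders(records, window=WINDOW_SECONDS, min_recipients=MIN_RECIPIENTS):
    """records: (epoch_seconds, sender, recipient, body) tuples sorted by time.
    Returns {sender: peak count of distinct recipients that received one
    identical body inside the window} for senders reaching the threshold."""
    recent = defaultdict(deque)  # (sender, body hash) -> (ts, recipient) entries
    flagged = {}
    for ts, sender, recipient, body in records:
        # Normalise case and whitespace so trivial variations still group together.
        digest = hashlib.sha256(body.strip().lower().encode()).hexdigest()
        queue = recent[(sender, digest)]
        queue.append((ts, recipient))
        # Drop entries that have aged out of the sliding window.
        while queue and ts - queue[0][0] > window:
            queue.popleft()
        distinct = len({r for _, r in queue})
        if distinct >= min_recipients:
            flagged[sender] = max(flagged.get(sender, 0), distinct)
    return flagged

def sample_records():
    """Constructed sample data using fictional 555-01xx style numbers."""
    spam = "Free game download: http://example.invalid/g"
    recs = []
    # Handset behaving like the bot: 100 recipients, one message every 2 seconds.
    for i in range(100):
        recs.append((1000 + 2 * i, "+15550000001", f"+1555010{i:04d}", spam))
    # Ordinary user: different texts to three contacts over about an hour.
    for i in range(5):
        recs.append((1000 + 700 * i, "+15550000002",
                     f"+1555020000{i % 3}", f"see you at {i + 1}pm"))
    # Legitimate small group text: same body to four friends.
    for i in range(4):
        recs.append((1500 + i, "+15550000003", f"+1555030000{i}", "party at 8"))
    return sorted(recs)

if __name__ == "__main__":
    for sender, count in find_bulk_senders(sample_records()).items():
        print(f"{sender}: identical SMS to {count} recipients within {WINDOW_SECONDS}s")
```

Because the trojan hides outgoing messages on the handset itself, this kind of check only works on records collected off the device, such as carrier-side logs or billing data.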

Lookout, which discovered the botnet while working with a carrier, says that the distribution of the malware is limited, with low overall detections. However, it has been observed on all major US carriers, and Lookout believes that if the botnet becomes widespread it could generate considerable costs for many infected users. It suggests that users should only load apps from reputable app stores after checking the developer is credible and, of course, recommends installing a mobile device security app such as its own application for Android and iPhone.

(djwm)