Co-contributor: Paul Thomas

Over the last few days, we have seen reports of an Android botnet hijacking mail clients on Android devices and sending spam promoting stocks, finance, and pharmaceuticals. While an Android botnet is a possible culprit, other scenarios are more likely—such as spam originating from compromised computers.

To begin, here is a sample of a spam email sent on July 3:

Sample subject lines may appear as:

• Wall Street SHOCK ahead!
• Leading Edge Market Analysis
• RE RE: Controlled Prescriptions
• Special Situation Report
• Fwd: Ground Breaking News Report

Two indicators suggest these spam messages originate from a hijacked Android mail client:

• Message includes the string "androidMobile" in...

As reported by various Japanese news agencies, the Tokyo Metropolitan Police Department recently arrested six men in connection with fraud for using a malicious Android app to scam victims into paying for adult-related video content. Details of the operation can be found in the blog I wrote in back in January. According to the local authorities, the group tricked a total of 9,252 users into installing the app hosted on a website called the “NEW” and conned 211 of them into paying a total of approximately 21 million Yen (approx. US$260,000). The group also extracted personally identifiable information (PII) from the phones and sent it to its server. Symantec detects this app as Android.Oneclickfraud. This is the very...

Contributor: Branko Spasojevic

A recent post on Pastebin revealed that a simple command can provide root access to the ZTE Score mobile device. This escalation of privilege can give you full control of a ZTE Score M phone running Android 2.3.4 (Gingerbread). We analyzed both the MetroPCS and Cricket Wireless versions of the device and we were able to reproduce the privilege escalation.

The Android security model sandboxes applications so they cannot interact with other applications nor directly perform system level commands without specific authorization preventing undesired affects. The privilege escalation allows one to bypass the default Android security model and run any code on the device and make any modifications unchecked.

The privilege escalation was not a bug in code on the device, but instead likely a design feature for carrier administration purposes or troubleshooting. Unfortunately, irrespective of the reason this code was included, by...

Over the past week or so, there has been an ongoing discussion on the Internet about some Android applications that looked suspicious. Most of the apps were supposedly designed to mimic popular games in Japan or play a video in relation to the game. However, users who installed the apps questioned their legitimacy.

Symantec has so far identified 29 apps belonging to seven developers with these characteristics and has confirmed they are malicious. The apps share common programming code so we can assume it is a sole individual or an organization who is committing the crime. The very first app we confirmed appeared on Google Play around February 10 and more followed until late March. Originally the apps posted were not game related, but were random ones including apps of an erotic nature, a contact management app, a recipe app, and a diet assistant app to name a few. But the number of downloads were low. Then in late March, a bunch of apps with names ending in “the Movie...