Li Xin, an Android user and gamer discovered after installing an app entitled Fishing Joy that odd notices began popping up and automatically downloading apps when he attempted to dismiss them. He later found the new apps impossible to uninstall, according to the state-run Xinhua news agency.
"If you like to use an Android smartphone to play games, it is very likely that you have installed games with a backdoor program which now controls your phone and has linked it to a botnet," said Li Tiejun, an engineer with mobile antivirus firm Duba. Thousands of clones of popular applications such as Temple Run and Fishing Joy have been imbedded with the malicious software.
An infected smartphone is an open book for such botnet controllers as they often do not raise the suspicion of users. The botnet controller can remotely access the infected smartphones and collect any information on the device which interests them, said Chen Zhangqun, a virus analyst. They can also order the smartphones to download applications or use them as an advertising platform, according to Xinhua.
Botnets can also be used to earn advertising income by directing phone browsers to websites to generate fake page views.
Application developers also represent a cohort of victims. The coder behind a virus knows developers pay app distributors a fee around 0.5 to 2.3 yuan (US$0.08-$0.37) per download. The backdoor programs pop up messages to draw the user to tap them, which will install applications on the phone without the user's express permission.
Estimates put the scale of the Android trojan infection at around 1 million of the 150 million Android smartphones in use. A botnet controller could make at least 10,000 yuan (US$1,600) per month and even up to 1 million yuan (US$160,000), security industry analysts say.
Source: wantchinatimes.com