Android botnet scare: Is Yahoo! Mail to blame?

There’s an Android malware scare afoot. Researcher Terry Zink has claimed that a botnet is operating out of infected Android handsets and firing out spam in all directions. Google’s refuted it, but has mobile security expert Lookout found the cause?

Google’s refuted that the botnet is operating out of Android handsets, suggesting instead that the spam is coming from PCs pretending to be mobile phones. “Our analysis suggests that spammers are using infected computers and a fake mobile signature to try to bypass anti-spam mechanisms in the email platform they’re using,” the company said in a statement.

Norton: Android threats are only just beginning

But that might not be the case. Lookout, which proffers mobile security solutions, has taken a look at the issue and found that it might be Yahoo! who’s at fault. CTO Kevin Mahaffey says the following:

“A more likely explanation for this behaviour appears to be insecure Android applications.” He goes on to say: “Regardless of how this spam campaign works, it was clear from initial reports that the Yahoo! Mail Android app may play a key role.

“After taking a detailed look at the app, we’ve found a number of issues that have potentially broader implications for all Android users of Yahoo! Mail. In the interest of responsible disclosure, we cannot at this time provide details around such vulnerabilities.”

Lookout has, however, been in touch with Yahoo! Which has confirmed that it’s looking into the issue at hand. Whether or not the problem does lie with Yahoo!, Lookout’s research seems to say that there is definitely more going on under the skin of certain Android handsets than Google would have us believe.