Microsoft researcher Terry Zink who is program manager at Microsoft Forefront Online Security mentioned in a blog post that he has come across samples of spam where the Message-ID is “<1341147286.19774.androidMobile@web140302.mail.bf1.yahoo.com>”, reports c|net. Zink believes that there are instances of malware laden apps that are involved with the spread of such spam. But, he believes that the chances of downloading such an infected app from Google Play Store are minuscale because of the fact that Google puts in a lot of effort to ensure authenticity and legitimacy of apps published on Play store.
Use of smartphones for spread of spam doesn’t sound too lucrative but, considering the fact that if key stroke-laden apps find their ways onto smartphones of users, genuine email addresses can be used to spread spam which would make it more difficult for web mail providers to spot spam. Zink noted, “If people download malicious apps onto their phone that capture keystrokes for their email software, it makes it way easier for spammers to send abusive mail. This is the next evolution in the cat-and-mouse game that is email security.”
Another researcher at Sophos, Chester Wisniewski, believes that users from countries such as Argentina, Pakistan, Ukrain, Jordan and Russia are downloading Trojanized applications through off-market download sites as well as other repositories. He wrote on his blog post, “It is likely that Android users are downloading Trojanized pirated copies of paid Android applications. The samples we analyzed originated in Argentina, Ukraine, Pakistan, Jordan and Russia.”
“The widespread nature of source devices is unusual as most Android malware is not downloaded from Google Play, but localized “off market” download sites.” he added.
Senior technology consultant at Sophos, Graham Cluley, told BBC that if one goes by the evidence that has been unearthened, the spam seems to have originated from Android devices and this definitely makes this attack a first of its kind.