At last week’s RSA Conference, security researchers with TippingPoint’s Digital Vaccine Group presented their research into mobile botnets. To date, the largest mobile botnet was centered predominately in Europe on “jailbroken” iPhones. Researchers Derek Brown and Daniel Tijerina were able to fool around 8,000 iPhone and Android users into “joining” a mobile botnet by downloading a seemingly innocent weather app.
The app, called WeatherFist, captured a user’s GPS coordinates and telephone number before transmitting the weather data. The exercise was designed to demonstrate how social engineering techniques could be used to create a mobile botnet.
The app was not available in the official apps stores but was posted in third party apps stores. Despite this seeming lack of legitimacy, thousands of individuals still downloaded the app.