Viking Horde: are mobile botnets a thing now?

News by Davey Winder

As mobile devices become ever more powerful, they are increasingly being targeted by botnet operators as the ideal members of their zombie armies.

Check Point has discovered Viking Horde malware infiltrating Google Play apps in order to create a smartphone-populated botnet. But just how dangerous can a mobile botnet be?

Check Point reports that Android devices infected by the Viking Horde malware are immediately recruited into an advert-clicking simulation scam to generate illicit revenue.

Researchers also found that Viking Horde could do the usual mobile malware thing of sending premium-rate texts, capable of generating £4.50 per message. Controlled by 'many C&C servers' and originating in Ukraine, Viking Horde is just the latest in a run of evolving threats that create mobile botnets.

But just how much of a threat are these mobile botnets, given the relative resource limitations of smartphones? "While botnets haven't become quite as prevalent a threat to mobile devices as they are to traditional computers," Corey Nachreiner, chief technology officer at WatchGuard Technologies, told us, "they're certainly an increasing concern and one that most security experts predict will continue to grow."

And, as Rami Essaid, CEO at Distil Networks, points out, "While it's true that the bandwidth and computational throughput of mobile devices is often lower than that of a desktop computer, bots don't require a lot of compute power to pose a threat."

Compounding the problem of a greater distributed mobile botnet is the fact that mobile devices are often on all the time, giving the botnet owner more regular access to large numbers of zombie bots.

The truth is that many of the criminal botnet monetisation techniques don't require huge resources, and given the huge pool of potential zombie victims out there, Nachreiner says you can "expect mobile botnets to grow".

One thing is for sure: they are certainly not restricted to ad-clicking campaigns. Lookout researchers told us that a couple of years ago the NotCompatible.C malware was creating mobile botnets capable of bulk ticket purchasing, WordPress brute-force attacks and c99 shell control, where it was observed logging into shells and performing a variety of actions.

Ben Herzberg, a botnet researcher at Imperva, confessed that he sees "attacks emanating from mobile devices on a daily basis" and that with mobiles proliferating faster than desktops or servers, used by people with limited security training and with no endpoint security, mobile devices "have plenty of bandwidth to mount attacks".

That viewpoint is backed up by Cesare Garlati, chief security strategist for the prpl Foundation, who points out that smartphones don't really have any limitations in terms of bandwidth.

"Unless the device is connected to a power outlet," Garlati told us, "the only resource limitation is the battery running out!"

And as Daniel Smith, information security researcher from Radware's Emergency Response Team, says, "A denial of service attack via a HTTP flood from a mobile botnet can easily produce over 100,000 unique IP addresses making it increasingly difficult for websites to mitigate such a large scale attack."
