Two researchers at TippingPoint’s Digital Vaccine Group have duped thousands of iPhone and Android smartphone users into joining a mobile botnet by spreading a seemingly innocuous weather application.
According to a report by Kelly Jackson Higgins of DarkReading, Derek Brown and Daniel Tijerina revealed at the RSA Conference last week how they had created a smartphone application called WeatherFist which grabbed information from users, including their GPS co-ordinates and telephone numbers, before displaying local weather information.
Tijerina and Brown chose not to distribute their application via the official iPhone and Android application stores, presumably because they believed it might not be successful.
Instead they distributed the WeatherFist application via third party app markets like Cydia, SlideME and Modmyi, meaning that it could only be…
Read more in my article on the Naked Security website.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.