8000 iPhone and Android users duped into joining smartphone botnet

Two researchers at TippingPoint’s Digital Vaccine Group have duped thousands of iPhone and Android smartphone users into joining a mobile botnet by spreading a seemingly innocuous weather application.

According to a report by Kelly Jackson Higgins of DarkReading, Derek Brown and Daniel Tijerina revealed at the RSA Conference last week how they had created a smartphone application called WeatherFist which grabbed information from users, including their GPS co-ordinates and telephone numbers, before displaying local weather information.

Tijerina and Brown chose not to distribute their application via the official iPhone and Android application stores, presumably because they believed it might not be successful.

Instead they distributed the WeatherFist application via third party app markets like Cydia, SlideME and Modmyi, meaning that it could only be…

Read more in my article on the Naked Security website.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.

Graham Cluley •   @gcluley

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, on Mastodon at @[email protected], or drop him an email.