A legitimate app for configuring phone settings has been Trojanised by adding a piece of malware to its installer. Currently only sold in third-party app markets in China, the botnet built by the malware appears to have co-opted hundreds of thousands of devices.
That's enough to yield revenue in the thousands of dollars per day, and potentially millions of dollars per year. That revenue comes from stealthily subscribing affected users to premium SMS and other services (a strategy noted by M86 Security Labs in a recent report).
The botnet is thought to have been operating since last September, but the good news for most of us is that the malware targets subscribers of two Chinese mobile carriers.
Symantec's Cathal Mullaney observed "This is not the first example of an active, revenue-generating Android botnet we have seen. However, considering the huge market for Android apps, the availability of third-party app stores without security checks, and the massive revenue which can be generated from this type of botnet, Android.Bmaster's million-dollar botnet certainly won't be the last."