According to a Microsoft spam engineer, Android smartphone and tablet owners should be cautious about installing apps outside of official stores, such as Amazon Appstore for Android or Google Play Store, as a new malicious app has been discovered that sends spam emails from affected users’ devices. Researcher Terry Zink says that the app is now sending spam messages with the signature “Sent from Yahoo! Mail on Android” and those messages are originating in a number of locations throughout Chile, Indonesia, Lebanon, Oman, Philippines, Russia, Saudi Arabia, Thailand, Ukraine, and Venezuela.
“I’ve written in the past that Android has the most malware compared to other smartphone platforms, but your odds of downloading and installing a malicious Android app is pretty low if you get it from the Android Marketplace,” Zink writes on the MSDN blog. “But if you get it from some guy in a back alley on the Internet, the odds go way up.”
According to Zink, the way the malicious app works is that it logs into a user’s Yahoo! account on their Android devices and then begins to send out spam messages.
It doesn’t seem that the malicious app is originating from Google’s Play Store, which is good news. However, users who are trying to download hacked, pirated, or apps from non-official sources should be wary as those apps may contain malicious code. In the past, a malicious Android app was found that generated SMS messages and sent them, racking up charges on user’s phone bills.