We have been following the evolution of AndroidBauts (also known as Snowfox) since our last report, and we have noticed an increase in the number of devices involved. There are 850,000 unique devices in a 24-hour time window that exhibit this infection.
In the last 3 months, we detected a total of 16 million IP addresses reaching our sinkholes. We also verified that the number of unique organizations affected by this family has grown significantly since our last count:
Number of Unique organizations per Sector
It’s concerning that this family continues to grow and steal information from devices. AndroidBauts is adware that exfiltrates personal information from the device, such as the phone number, IMSI, Google ID and even the processor brand, and it may lead to a full compromise scenario. You can read more about this family and the risk it poses for organizations here.
AnubisNetworks Labs Team
29th November 2016