The rapid development of smartphone technologies have resulted in the evolution of mobile botnets. The implications of botnets have inspired attention from the academia and the industry alike, which includes vendors, investors, hackers, and researcher community. Above all, the capability of botnets is uncovered through a wide range of malicious activities, such as distributed denial of service (DDoS), theft of business information, remote access, online or click fraud, phishing, malware distribution, spam emails, and building mobile devices for the illegitimate exchange of information and materials. In this study, we investigate mobile botnet attacks by exploring attack vectors and subsequently present a well-defined thematic taxonomy. By identifying the significant parameters from the taxonomy, we compared the effects of existing mobile botnets on commercial platforms as well as open source mobile operating system platforms. The parameters for review include mobile botnet architecture, platform, target audience, vulnerabilities or loopholes, operational impact, and detection approaches. In relation to our findings, research challenges are then presented in this domain.

1 "Zeus Botnet Eurograbber Steals $47 Million"

2 "Worm:iPhoneOS/Ikee.B"

3 "Unified Extensible Firmware Interface"

4 "UEFI Technology Expands in Mobile Devices and Other Non-PC Market Segments"

5 Ollmann, G, "The evolution of commercial malware development kits and colour-by-numbers custom malware" 9 : 4-7, 2008

6 Geng, G, "The Design of SMS Based Heterogeneous Mobile Botnet" 7 (7): 235-243, 2012

7 Kiley, S, "Spy Smartphone Software Tracks Every Move"

8 "Smartphone Vendor Market Share"

9 Qi, H, "Sierpinski triangle based data centerarchitecture in cloud computing" 1 (1): 1-21, 2014

10 Xuxian, J, "Security Alert: New RootSmart Android Malware Utilizes the GingerBreak Root Exploit"

11 Maslennikov, D, "SecureList: Mobile Malware Analysis: Part-6"

12 Orchilles, J.A, "SSL Renegotiation DOS"

13 Alzahrani, A.J, "SMS mobile botnet detection using a multi-agent system: research in progress" 2014

14 "Rootkit"

15 Mills, E, "Report: Android phones vulnerable to snooping attack"

16 Grizzard, J.B, "Peer-to-peer botnets: Overview and case study" 2007

17 Portokalidis, G, "Paranoid Android: versatile protection forsmartphones" 2010

18 "Open DNS, security whitepaper"

19 Unuchek, R, "Obad.a Trojan Now Being Distributed via Mobile Botnets"

20 VentureBeat, "News about Tech, money and innovation / Mobile"

21 Spreitzenbarth, M, "Mobile-sandbox: having a deeper look into android applications" 2013

22 "Mobile Security Primer"

23 Abdelrahman, O.H, "Mobile Network Anomaly Detection and Mitigation: The NEMESYS Approach" 264 : 429-438, 2013

24 Karim, A, "Mobile Botnet Attacks : A Thematic Taxonomy" 2 : 153-164, 2014

25 Microsoft, "Microsoft, Malware Protection Center, Trojan:AndroidOS/SpamSold.A"

26 Roshandel, R, "LIDAR: a layered intrusion detection and remediationframework for smartphones" 2013

27 Chiang, H.-S, "Identifying Smartphone Malware Using Data Mining Technology" 2011

28 Musthaler, L, "How to avoid becoming a victim of SMiShing (SMS phishing)"

29 Paganinip, "HTTP-Botnets: The Dark Side of an Standard Protocol!"

30 X. Jiang, "GingerMaster: First Android Malware Utilizing a Root Exploit on Android 2.3 (Gingerbread)"

31 "Forbes, Secure mobile development best practices"

32 Protalinski, E, "F-Secure: Android accounted for 97% of all mobile malware in 2013, but only 0.1% of those were on Google Play"

33 F-Secure, "F- secure| Virus and threat descriptions"

34 Szongott, C, "Evaluating the threat of epidemic mobile malware" 2012

35 Singh, K, "Evaluating bluetooth as a medium for botnet command and control" 61-80, 2010

36 Dai, S, "DroidLogger: Reveal suspicious behavior of Android applications via instrumentation" 2012

37 "DroidDream, DroidDream"

38 Aswini, A, "Droid permission miner: Mining prominent permissions for Android malware analysis" 2014

39 Choi, B, "Detection of Mobile Botnet Using VPN" 2013

40 Pieterse, H, "Design of a hybrid command and control mobile botnet" 2013

41 Zeng, Y, "Design of SMS commanded-and-controlled and P2P-structured mobile botnets"

42 Flo, A, "Consequences of botnets spreading to mobile devices" 2009

43 Vural, I, "Combating Spamming Mobile Botnets through Bayesian Spam Filtering"

44 Zhao, S, "Cloud-based push-styled mobile botnets: a case study of exploiting the cloud to device messaging service" 2012

45 Adeel, M, "Classification of Mobile P2P Malware Based on Propagation Behaviour" 2010

46 Donovan, F, "Botnet of mobile devices used for first time to distribute Trojan"

47 KARIM, A, "Botnet detection techniques : review, future trends and issues" 2014

48 Pieterse, H, "Bluetooth Command and Control Channel" Computers & Security 2014

49 Zetter, K, "BlackBerry a Juicy Hacker Target"

50 "Bank Site Attacks Trigger Ongoing Outages, Customer Anger"

51 Nadji, Y, "Automated remote repair for mobile malware" 2011

52 "Arbor Networks: Worldwide Infrastructure Security Report"

53 Weichselbaum, L, "Andrubis: Android Malware Under The Magnifying Glass" Vienna University of Technology 2014

54 "Android.Geinimi"

55 Hamandi, K, "Android SMS botnet: a new perspective" 2012

56 Andrews, B, "Android Malware Analysis Platform" 2013

57 "Android DreamDroid two: rise of laced apps"

58 Xiang, C, "Andbot: towards advanced mobile botnets" 2011

59 Geng, G, "An improved sms based heterogeneous mobile botnet model" 2011

60 Mishra, A.R, "Advanced cellular network planning and optimisation: 2G/2.5 G/3G... evolution to 4G" John Wiley & Sons 2007

61 La Polla, M, "A survey on security for mobile devices" 15 (15): 446-471,

62 Gani, A, "A review on interworking and mobility Techniques for seamless connectivity In Mobile Cloud Computing" 84-102, 2014

63 Shiraz, M, "A Lightweight DistributedFramework for Computational Offloading in Mobile Cloud Computing" 9 (9): 2014

64 Kasera, S, "3G mobile networks: architecture, protocols and procedures based on 3GPP specifications for UMTS WCDMA networks" McGraw-Hill 2005