The rapid development of smartphone technologies has resulted in the evolution of mobile botnets. The implications of botnets have drawn attention from academia and industry alike, including vendors, investors, hackers, and the research community. Above all, the capability of botnets is revealed through a wide range of malicious activities, such as distributed denial of service (DDoS), theft of business information, remote access, online or click fraud, phishing, malware distribution, spam emails, and building mobile devices for the illegitimate exchange of information and materials. In this study, we investigate mobile botnet attacks by exploring attack vectors and subsequently present a well-defined thematic taxonomy. By identifying the significant parameters from the taxonomy, we compare the effects of existing mobile botnets on commercial platforms as well as open source mobile operating system platforms. The parameters for review include mobile botnet architecture, platform, target audience, vulnerabilities or loopholes, operational impact, and detection approaches. In relation to our findings, research challenges in this domain are then presented.

This technological shift has motivated cyber criminals to exploit the vulnerabilities of smartphone devices through off-the-shelf malware creation tools [3]. Similarly, the spread of mobile applications has enabled the dissemination of malicious code to a wide potential audience. Through the Internet, the majority of current mobile threats replicate the behavior of attacks on desktop machines. Therefore, many of the existing solutions can also be considered applicable to malicious mobile attacks. Nevertheless, mobile devices have their own constraints, such as limited processing, less data storage capability, and heterogeneity of OS (e.g., Android, iOS, and Windows), that make it difficult to program security solutions efficiently.