Lookout Security said on Friday that it has discovered a new family of Android malware called BadNews. The malware avoided detection and made its way onto the Google Play store, where it has been downloaded around 9 million times by users from all over the world.
The company uncovered the malware in 32 applications listed by four different developer accounts on Google Play. Google was notified and removed the affected apps and killed the developer accounts associated with them.
In its report, the firm describes the malware: "BadNews masquerades as an innocent, if somewhat aggressive, advertising network. This is one of the first times that we've seen a malicious distribution network clearly posing as an ad network. Because it's challenging to get malicious bad code into Google Play, the authors of BadNews created a malicious advertising network, as a front, that would push malware out to infected devices at a later date in order to pass the app security. BadNews has the ability to send fake news messages, prompt users to install applications and send sensitive information such as the phone number and device ID to its Command and Control (C&C) server. BadNews uses its ability to display fake news messages in order to push out other types of monetization malware and promote affiliated apps."
Lookout published the full list of known affected apps, with over half of them targeted at Russian users.
BadNews apps were also observed using those fake news messages to promote affiliated apps and to push other types of monetization malware. One of the apps being pushed was AlphaSMS, a premium-rate SMS app.
Lookout has identified three command and control (C&C) servers, in Russia, Ukraine and Germany. All of the C&C servers are still live, but Lookout is working hard to bring them down as quickly as possible.
To be safe, make sure the Android system setting ‘unknown sources’ is unchecked to prevent any dropped or drive-by-download app installs. Also, download a mobile security app that protects against malware and other virus threats.