BadNews malware seen in Google Play apps
MANILA, Philippines - Security research firm Lookout Mobile Security has put out a report on a malware "family" that's potentially been downloaded up to 9 million times by unsuspecting Android users through the Google Play store.
The malware, known as BadNews, was found in 32 apps across 4 different developer accounts in Google Play. Lookout adds, "According to Google Play statistics, the combined affected applications have been downloaded between 2,000,000 – 9,000,000 times."
Lookout told Google about the issue, prompting Google to remove the apps and suspend the developer accounts in question until the situation has been investigated further.
BadNews can send fake news messages and prompt users to install apps. The malware can also send information, such as the phone number and device ID, to its command and control server.
Due to these abilities, the fake news messages can be used to push users to download other monetization malware or affiliated applications. Lookout adds, "During our investigation we caught BadNews pushing AlphaSMS, well known premium rate SMS fraud malware, to infected devices."
Lookout calls this malware "a significant development in the evolution of mobile malware," as the malware gains traction by posing as something legitimate, lying dormant and using a server to push the malware to action at a later time. Regular app-vetting processes do not normally take such behavior into consideration.
Lookout suggests app developers take note of the third-party libraries they use for their apps, as unsafe libraries can put users and their apps at risk. Security managers must also now assume that app-vetting will not be enough, and that ongoing security monitoring is needed to check for malicious behavior in apps down the line. - Rappler.com