A new Android malware family has been discovered by antivirus firm Lookout. Dubbed as BadNews, it was found in 32 Android applications present in Google Play store from four different developer accounts. After being notified about the malware, Google has promptly deleted all the infected apps and suspended developer accounts, but it shows how easy it can be for malware to slip in Google Play despite all the security measures taken by Google.
According to Lookout, the Badnews malware masquerade as an ad network, which does not seem like a threat when scanned by Google’s automatic security mechanism – Bouncer. The infected apps start pushing malware to the devices on a later date, thus remaining undetected for a long time.
“BadNews masquerades as an innocent, if somewhat aggressive advertising network. This is one of the first times that we’ve seen a malicious distribution network clearly posing as an ad network. Because it’s challenging to get malicious bad code into Google play, the authors of Badnews created a malicious advertising network, as a front, that would push malware out to infected devices at a later date in order to pass the app scrutiny,” Lookout noted in a blog post.
“According to Google Play statistics, the combined affected applications have been downloaded between 2,000,000 – 9,000,000 times,” Lookout added.
Badnews malware have ability to send fake news messages, prompt users to install applications and sends sensitive information such as the phone number and device ID to its servers.
The majority of the infected smartphones and tablets were found to be present in Russia, which is expected as most of the malware-laden apps are in Russian.
Here is a list of apps that were found to be infected with Badnews and the number of installs they accumulated during the period they were live on Google Play.
You can read more about Badnews on Lookout blog and its technical nitty-gritties.