Sunday, 21 April 2013 19:31

BadNews malware on Google Play


According to security firm Lookout, there were recently 32 apps on Google Play that contained malicious software called BadNews. The applications came from 4 different developer accounts and were downloaded between 2 and 9 million times. Lookout immediately warned Google, which suspended the accounts and disabled downloads of the suspicious applications.

How is it possible that malicious software was installed so many times and nobody noticed? The person behind all of this did something pretty smart (smart for himself, of course). The applications carrying BadNews were not malicious in themselves; they were typical applications "enriched" with ads.
List of harmful apps

The trick is in these ads or, to be more precise, in the SDK that displays them. The advertisements were not taken from some common server, but from specialized ones that showed ads for other apps "infected" with BadNews.

At some point, however, BadNews activates and contacts its home server every four hours to ask what to do, at the same time sending the phone number and IMEI of the smartphone along with other information. The servers then send the smartphones false notifications about updates for some applications (e.g. Skype), but all those "updates" lead to the installation of software called AlphaSMS, which is used for covertly sending expensive SMS messages, typically in Russia and neighboring countries.
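The four-hour check-in described above is the kind of regularity a defender can look for in proxy or DNS logs. The following detection sketch is an added example, not code from Lookout or from this article; the log format, device names and host names are constructed, and the tolerance and minimum hit count are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log, hypothetical format: "timestamp device destination_host".
SAMPLE_LOG = """\
2013-04-20T00:05:10 phone-a c2.example.invalid
2013-04-20T01:17:42 phone-a cdn.example.org
2013-04-20T04:05:55 phone-a c2.example.invalid
2013-04-20T08:04:31 phone-a c2.example.invalid
2013-04-20T09:40:03 phone-b cdn.example.org
2013-04-20T12:55:19 phone-b cdn.example.org
2013-04-20T13:02:47 phone-b cdn.example.org
2013-04-20T13:30:00 phone-b cdn.example.org
2013-04-20T16:05:20 phone-a c2.example.invalid
2013-04-20T20:06:02 phone-a c2.example.invalid
"""

def parse(log_text):
    """Group request timestamps by (device, host); malformed lines are skipped."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            seen[(parts[1], parts[2])].append(datetime.fromisoformat(parts[0]))
        except ValueError:
            continue
    return seen

def find_beacons(log_text, period_s=4 * 3600, tolerance_s=300, min_hits=4):
    """Return (device, host) pairs whose request gaps are all close to a
    whole multiple of period_s, so a missed check-in (phone switched off)
    does not hide the pattern."""
    flagged = []
    for pair, times in parse(log_text).items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if all(round(g / period_s) >= 1
               and abs(g - round(g / period_s) * period_s) <= tolerance_s
               for g in gaps):
            flagged.append(pair)
    return sorted(flagged)

if __name__ == "__main__":
    for device, host in find_beacons(SAMPLE_LOG):
        print(f"{device} -> {host}: regular check-in near a 4-hour period")
```

In the sample, `phone-a` skips the 12:00 check-in and is still flagged, while `phone-b` makes four requests to one host at irregular intervals and is not.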

Three servers were discovered, in Russia, Ukraine and Germany. Given that most of the software with BadNews is in Russian, most of our readers probably did not install any such application, but if you have concerns, check the list of applications and possibly visit the Lookout page, where you can also read detailed information about this malware.


Last modified on Thursday, 25 April 2013 19:50
