How is it possible that malicious software was installed so many times, and nobody noticed? The guy behind all of this made pretty smart thing (smart for himself, of course). Applications with BadNewsom itself were not malicious but they are typical applications "enriched" with ads.
The trick is in these ads, or to be more precise SDK which displays them. Advertisements were not taken from some common server, but from specialized ones that showed ads for other apps "infected" with BadNews.
However, at one point BadNews are activated and every four hours contact the home server about what to do, and at the same time they also send a phone number and IMEI of the smartphone, along with other information. Servers then send false notifications about updates for some applications (e.g. Skype) to smartphones, but all those „updates“ lead to to installation of software called AlphaSMS, which is used for hidden sending of expensive SMS messages, typically in Russia and neighboring countries.
Three servers were discoverd in Russia, Ukraine and Germany. Given that most of the software with BadNews is in Russian most of our readers probably did not installed any such application, but if you have concerns, check the list of applications and possibly visit Lookout page, where you can also read detailed information about this malware.
Tell us what you think in our Forum