A new piece of malware discovered in the Google Android Play store has been downloaded millions of times. The malware is part of a grouping of questionable Russian developed clone apps. Despite the questionable materials, the apps featuring the BadNews malware have been downloaded repeatedly.
Security firm Lookout has discovered 32 different apps from four separate developer accounts that feature the BadNews malware.
The firm believes that the malware has been downloaded two to nine million times, although determining the full number of downloads and infections is hard because of the Android App ecosystems fragmentation.
The security firm notes that some of the apps may have been developed by honest developers who simply chose bad ad networks that passed along the malware.
Google uses its Bouncer software to constantly scan apps for malware; however, BadNews made it past those scanners by posing as an ad network and then passing along malware via its various ad spots. The developer didn’t turn on the malware via remote code until it had been downloaded millions of times.
So far, Lookout says it has found two things that the program appears to do:
- Fakes alerts encouraging you to download other infected apps as well as things things like AlphaSMS, which hijacks your phone and silently signs it up for premium SMS services
- Sends your phone number and unique device i.d (the IMEI) back to the malware’s mothership
If you think your Android smartphone may have been infected, you can check a full list of known affected apps and then determine your next set of actions.
Do you think Google Android apps need to be more closely monitored to ensure tricky developers can’t so easily steal user data and sign them up for expensive and unwanted services?