Mobile malware is exploding at exponential rates as security experts from Lookout Mobile Security discover a family of malware called 'BadNews' disguised as advertisements.
Surely the name of this new family of Android malware is properly named as it is very 'badnews' to know that between 2 million and 9 million Android users have potentially downloaded this new-found malware.
Lookout Mobile Security posted on their blog updates to this terrifying discovery where the malware was found in 32 apps across four different developer accounts within the Google Play store. As many as half of the apps potentially laced with malware were found to be in Russian and AlphaSMS. Among the SMS apps some of them were found to be involved in premium rate SMS fraud in the Russian Federation and surrounding regions.
The way in which these 'BadNews' malware apps work is by pretending to be an ad network and later spreading malware to the device running Android OS after the infected app is installed. The actions of these infected apps range from sending fake news messages, sending the device's phone number and device ID to a command and control server to prompting users to install other malicious apps. BadNews, basically a group of malicious apps, are also known to disguise itself as app updates to other popular apps like Skype.
What is probably the most discerning finding of BadNews is the fact that it was rooted from the Google Play store, a place where Android device and smartphone users go to for trusted and safe downloads of apps. Since the discovery and blog post made by Lookout Mobile Security, the Google Play store has taken down the affected BadNews apps. However, the damage has probably already been done with an estimated 2 to 9 million users having downloaded these tainted apps from the store.
Right now, it is still unclear as to the definitive reason for BadNews. It could be that these apps were launched with the intention of spreading the BadNews malware, or the developers were misled on the execution of BadNews in thinking it could be an ad network for monetization or masked as a fake monetization SDK (Software Development Kit). This unprecedented event should be a quick wake-up call for the industry and the development and spread of future mobile malware, mainly malware attacking Android devices.