BadNews malware downloaded by at least 2 million users in Europe

Malware that avoided detection and made its way onto the Google Play store has been downloaded between 2-9 million times, security firm Lookout said today.

Google was notified of the outbreak and all affected apps have been removed from the Android store. Lookout found 32 applications that contained code from the “BadNews” software development kit, which masked itself as a standard advertising network SDK.

badnews malware(Table includes info on the 32 identified malicious apps)


This particular virus was very aggressive, sending phone number and device IDs to their command servers, and prompting users to install applications including AlphaSMS (a fraud malware which can cost users plenty of money in overage charges and data fees.)

According to Lookout’s blog post, “it is not clear whether some or all of these apps were launched with the explicit intent of hosting BadNews or whether legitimate developers were duped into installing a malicious advertising network.” Lookout is advising developers to do two simple things. To begin, developers need to pay very close attention to any third-party libraries they include in their applications. Unsafe libraries can put their users and reputation at risk. Secondly, enterprise security managers must assume that even very well designed app-vetting processes will not be able to detect malicious behavior that hasn’t happened yet. Ongoing security monitoring is important to detect malicious behavior that happens some time after an app’s initial evaluation.

Lookout has identified three control and command servers in Russia, Ukraine and Germany. All C&C servers are still currently live, but Lookout is working hard to bring them down as quickly as possible. According to Lookout’s blog, about 50% of the identified applications are in Russian and AlphaSMS is designed to commit premium rate SMS fraud in the Russian Federation and neighboring countries such as the Ukraine, Belarus, Armenia and Kazakhstan. It’s worth noting that the people controlling this malware are also using it to promote their less popular apps, which also contain BadNews.

BadNews icons (App icons containing BadNews found by Lookout)


So how can you stay safe and prevent all the frustration and anger? It is pretty simple really. for starters, make sure the Android system setting ‘unknown sources’ is unchecked to prevent any dropped or drive-by-download app installs. Also, download a mobile security app that protects against malware and other virus threats. Finally, make sure to take the time to fully research any apps you may find interesting before installing.





source: Lookout blog


  • olbp


    Looks to me as if the first line of defense is to avoid downloading games!

  • jokonda

    Your post is very interesting! Your list of apps is impressive! Thanks a lot!!!

  • Oh look, a company peddling anti virus for Android is yet again attempting to justify its existence! It’s really very simple – don’t download anything that looks or sounds dodgy, ensure you read reviews before downloading and READ the permissions! If a wallpaper app wants the ability to send SMS or make phone calls – it’s probably not a good idea to download it…. I don’t think I need to issue warnings about Russian sex apps……

  • anywherehome

    if anyone approves that apps, good for him 😉 but you can easily uninstall

    with iPhone or Windows you know nothing about it… Android is 1000x more secure 😉

    “Disastrous iPhone security! – iPhones most vulnerable among smartphones.”
    “Apple iOS Apps Leak More Personal Info Than Android”
    “40% of iOS popular apps invade your privacy without any permission.”
    “Apple lets kids easily spend parents’ money, beware = easy to abuse your iDevices; very probably intention of Apple to spend your money by mistake!”