BadNews malware downloaded by at least 2 million users in Europe

Malware that avoided detection and made its way onto the Google Play store has been downloaded between 2-9 million times, security firm Lookout said today.

Google was notified of the outbreak and all affected apps have been removed from the Android store. Lookout found 32 applications that contained code from the “BadNews” software development kit, which masked itself as a standard advertising network SDK.

badnews malware(Table includes info on the 32 identified malicious apps)


This particular virus was very aggressive, sending phone number and device IDs to their command servers, and prompting users to install applications including AlphaSMS (a fraud malware which can cost users plenty of money in overage charges and data fees.)

According to Lookout’s blog post, “it is not clear whether some or all of these apps were launched with the explicit intent of hosting BadNews or whether legitimate developers were duped into installing a malicious advertising network.” Lookout is advising developers to do two simple things. To begin, developers need to pay very close attention to any third-party libraries they include in their applications. Unsafe libraries can put their users and reputation at risk. Secondly, enterprise security managers must assume that even very well designed app-vetting processes will not be able to detect malicious behavior that hasn’t happened yet. Ongoing security monitoring is important to detect malicious behavior that happens some time after an app’s initial evaluation.

Lookout has identified three control and command servers in Russia, Ukraine and Germany. All C&C servers are still currently live, but Lookout is working hard to bring them down as quickly as possible. According to Lookout’s blog, about 50% of the identified applications are in Russian and AlphaSMS is designed to commit premium rate SMS fraud in the Russian Federation and neighboring countries such as the Ukraine, Belarus, Armenia and Kazakhstan. It’s worth noting that the people controlling this malware are also using it to promote their less popular apps, which also contain BadNews.

BadNews icons (App icons containing BadNews found by Lookout)


So how can you stay safe and prevent all the frustration and anger? It is pretty simple really. for starters, make sure the Android system setting ‘unknown sources’ is unchecked to prevent any dropped or drive-by-download app installs. Also, download a mobile security app that protects against malware and other virus threats. Finally, make sure to take the time to fully research any apps you may find interesting before installing.





source: Lookout blog