‘BadNews’ Android Malware Affects Over 9 Million Downloads On Google Play
There's been much talk about security on Android in recent months, and it seems likely that it's a subject we won't be dropping anytime soon. Recently, we discovered that Android is susceptible to simple email attachment attacks, and not long before that, Google detailed how it was keeping its Google Play store more secure with its App Scanning utility bundled with Android 4.2. It might be fair to say that Google puts more of an emphasis on security than most companies - recently, we learned about some creative technology that helps to protect users of its Chrome Web browser.
Yet, here we are, talking about yet another new attack that the company likely didn't consider before.
The latest incidents have been tracked by mobile security firm Lookout, which saw malware called "BadNews" bundled with 32 apps. Unfortunately, these apps were available right inside of Google's Play Store, allowing any Android user quick access to them. So why didn't Google's advanced security scanners catch anything? This is where it gets interesting.
Because Google's scanners are good, and thorough, BadNews' developers created an ad network that seemed legitimate, and then had that bundled with a variety of apps. Once the apps were approved and accessible through the store, the ad network turned malicious; it began sending install prompts to users and also took it upon itself to send your phone number and device ID to a remote server. In some cases, AlphaSMS was pushed through - malware which sends SMS to premium lines.
How Google will help prevent this sort of attack in the future, we're not sure. As of the time of writing, all of the affected developers have had their accounts suspended, and it's not clear whether or not they knew of what was going on, or if they were innocent. About 50% of the apps were based in Russia, and the majority of affected users seem to reside there also.
This incident does highlight the need for developers to keep on top of the backends their apps use, however, and also to be extremely choosey about the ones they ultimately go with. A new start-up could very well end up tarnishing your apps, and your reputation.