Android Has BadNews BUG That Disguises As An Ad Network, Look Out For Malware!

BadNews on Android. That's the bad news. Lookout, the mobile security company, has found out a new malware family called 'BadNews' that disguises itself as an AD network. It installs the malware affected app on the user's device and sends fake news messages, delivers rather sensitive information (like the phone number and device's serial number -IMEI) to its Command and Control server and prompts the user to install apps or new app updates. These app updates are nothing but, more news malware-infected apps that come under popular names such as the 'Skype'. The smarter the act, the bigger the danger. So, the threat stands for even them who would filter their apps for malware at the Google Play Store, because it's not directly included in the app and comes into existence after the app connects to the malware server.

slide
It is being stated that over 32 apps create by 4 different developer accounts were found in the Play Store and as a response to the findings, Google has removed all of these apps (that were essentially apps that related to Russian dictionaries, popular games or the apps offering salad recipes) and suspended the accounts of those identified of being involved in the act.
Of more concern ans as is mentioned by Lookout on their blog, the affected apps are found to have been downloaded between 2,000,000 - 9,000,000 times.

The name 'BadNews' isn't new in the malicious circles it seems. It has been involved in committing premium rate SMS fraud in the Russian Federation as well as in Ukraine, Belarus, Armenia and Kazakhstan.

Here's a word of caution for the Android App Developers:

Since is not clear whether some or all of these apps were launched with the intent of spreading the BadNews malware, developers were caught unaware as they included code to earn money thinking that BadNews was just an ad network. So when you look out for monetization SDK, make sure you check for loose ends and be cautious. You want to stay away from trouble.

Replies

You are reading an archived discussion.

Related Posts

Owing to a decision made by the AICTE or All India Council of Technical Education locked by a government contract, starting June 30, over 80 lakh college students all over...
hey guys do u have any idea about ELITMUS exam .... if so please help me...
how to calculate the saving using VFD for pump of 18.5 kw if vfd operated on 40Hz?
Hi, i want to know where to write a java program in linux(i am running centos operating system),i should write in a file ,from command line or in the folders....
Something *awesome* has just been launched on CE​ ​😁​ ​You always wanted it!​ ​You asked for it!​ ​&​ ​It's Live!​ ​But you've to find it out yourself!​ ​Hint: You don't...