According to mobile security company Lookout, Google's efforts to keep its mobile app store free from malware were bypassed by scammers posing as an advertising network by the name of BadNews.

In this latest scam, Google Play was packed with a total of 32 Android apps designed to push malware onto devices once the seemingly secure apps had been installed. According to Marc Rogers, Lookout's principal security researcher, this is one of the first incidents in which malicious distribution networks pose openly and clearly as ad networks: BadNews was portrayed as an innocent, if rather aggressive, ad network.

According to Mr Rogers, this shows a significant development in the evolution of malware directed at mobiles, as it was able to achieve widespread distribution because the malware's behaviour was delayed by the use of a remote server.

By the time Lookout detected and reported the 32 Russian and English apps belonging to the BadNews family to Google, the apps had collectively been downloaded up to around nine million times. Once alerted, Google immediately responded by removing the offending apps and suspending the four developer accounts associated with them.

Groomed to look like a simple ad network, BadNews was hosted within a number of seemingly safe applications, including wallpaper apps, a Russian dictionary, thesaurus and telephone directory tools, as well as a selection of popular games such as Bottle Shoot, Savage Knife, Stupid Birds and True or False.

It remains unclear whether some or perhaps even all of these apps were launched with the intent of becoming hosts to BadNews, or whether unsuspecting developers were conned into installing the malicious ad network. Either way, the installed apps connect to a remote command-and-control server; three such servers have so far been identified, located in Germany, Russia and the Ukraine.

Once the app has connected, malware is delivered to the device, and both the device ID and phone number are sent to the server. BadNews also uses its ability to show fake news messages to promote affiliated apps and push out other monetisation malware.

Mr Rogers went on to caution users, IT managers and developers to be aware of this somewhat new and innovative approach by scammers to spreading malware. Developers in particular are advised to carefully examine third-party libraries intended for inclusion in newly developed applications, as unsafe libraries will put not only users but also the developer's reputation at risk.
