BadNews for Android security

This is frightening

Lookout has discovered BadNews, a new malware family, in 32 apps across four different developer accounts in Google Play. According to Google Play statistics, the combined affected applications have been downloaded between 2,000,000 – 9,000,000 times.

That’s nine million potential installations. Nine. Million.

It appears that this is delayed attack, with the perpetrator pitching this as an advertising network.  And initially, it was.  However, some time after the apps hit the play store the traffic was diverted to more nefarious means.

Not only did this malware do some really spammy things, like pushing fake notifications to prompt interactions, but it also carried with it a payload for AlphaSMS.  AlphaSMS triggers premium rate SMS messages from your phone.

There’s a clear lesson here.  This problem has emerged because genuine developers have included libraries in their apps that pull in content from servers they do not control.  They trust the makers of those libraries to only serve adverts.  In this case they’re serving malware.  The lesson is this, be very careful who you trust.

Tip me at 1HQwxtq5QdoCxvL4H5piA1c8JLdRKWMGxk

So far I've been tipped Loading....

You can find out more about Bitcoins at http://weusecoins.com/ or get your own  tips jar.

Contact

You can contact me any time day or night at simon@simonjthomas.com. I'll read every email, providing you're not trying to enhance my manliness or are a prince from Nigeria with a business proposition. You can also contact me on Twitter @sijt or App.net @sijt.