Some of the Android apps from the Google Play store are hit with a new kind of malware, called BadNews according to mobile security firm, Lookout Mobile Security. It is indeed BadNews that the malware has already been downloaded 2-9 million times. It was found in 32 Android apps that belonged to four developers and downloaded millions of times.
Google has already been informed of the malware and they were booted from the Google Play store. Around half of the infected 32 apps were Russian targetting the Russian users and others are targetted to the eastern European users and some are English.
BadNews bypassed the Google Play Security “Bouncer”, it is a service that automatically analyses new apps, existing apps and developer accounts on the Google Play for potential malware behavior. BadNews escaped this by using a tactic, it launched as an application and disguised as an advertising network, at a later date it started pushing malware in the form of updates to by pass the security scanning. It can send fake news messages, prompt users to install applications.
It also sent users phone number and device ID to its Command and Control Server, these servers are located in Ukraine, Russia and Germany. According to Lookout these servers are still online.