San Francisco-based mobile security company Lookout has discovered a new malware family, BadNews, in 32 apps across four different developer accounts in Google Play. Affected applications have been downloaded between 2 million and 9 million times, says Lookout.
BadNews masquerades as an innocent, if somewhat aggressive, advertising network. BadNews has the ability to send fake news messages, prompt users to install applications, and send sensitive information such as the phone number and device ID to its Command and Control (C&C) server. BadNews uses its ability to display fake news messages to push out other types of monetization malware and promote affiliated apps.
About 50% of the identified applications are in Russian, and BadNews is pushing AlphaSMS. AlphaSMS, an SMS fraud malware, is designed to commit SMS fraud in the Russian Federation and neighboring countries such as the Ukraine, Belarus, Armenia and Kazakhstan. In addition, Lookout found that BadNews is promoting other, less popular affiliated apps, including a Russian diet app that also contained BadNews.
Lookout has identified three command and control servers, one in Russia, one in the Ukraine, and one in Germany. All C&C servers are currently live but Lookout is working to bring them down, says the company.