On April 19, Lookout reported that the Google Play Store had been hit by a new malware called BadNews. Over 32 apps are said to have gotten infected. In a blog post it says that these apps have been downloaded between 2,000,000 - 9,000,000 times. This information was brought to Google's notice and the company has promptly removed these apps and suspended the associated developer accounts, until further investigation.
The malicious distribution network carried out the attacks, while disguising itself as an ad network. In the blog post Lookout wrote "Badnews has the ability to send fake news messages, prompt users to install applications and sends sensitive information such as the phone number and device ID to its Command and Control (C&C) server. BadNews uses its ability to display fake news messages in order to push out other types of monetization malware and promote affiliated apps"
The malware is said to be highly evolved, as it can achieve wide spread distribution by using server to delay it behavior. In other words it can quietly enter into your smartphone and can be made active later on. The good news about Badnews is, it has not made active yet, so all is safe now. Once active, the malware will trick users into installing more unwanted junk into your handsets.
"It is not clear whether some or all of these apps were launched with the explicit intent of hosting BadNews or whether legitimate developers were duped into installing a malicious advertising network," said Marc Rogers, Lookout's principal security researcher.
Lookout Mobile Security have anyway advised developers to pay closer attention to any third-party libraries they include in their applications. At the same, they have advised enterprise security managers to do regulated security monitoring, in order to detect malicious files which exhibit delayed behavior.