
Google Play apps used to hide 'BadNews' mobile botnet, security firm discovers

Legitimate apps mask command and control


Google’s Play store security has once again been embarrassed by the discovery of an ambitious botnet that sneaked past its app vetting systems to infect possibly huge numbers of Android users.

Lookout Mobile Security, which spotted the ruse, said it had tracked down 32 apps that seemed to be tied into what at first looked like just another advertising network with its own SDK, now dubbed ‘BadNews’.

The dastardly part is that the apps themselves appear innocent but come with the ability to contact a command and control server in order to push a range of genuinely malicious apps, including the AlphaSMS toll fraud app widely circulated by East European gangs.

In an attempt to remain unnoticed for as long as possible, the designers of BadNews built the apps to behave legitimately for a period of time before hitting the user with bogus update requests, at which point the trouble begins.

Roughly half the discovered apps used to distribute BadNews were aimed at Russian speakers and designed to commit toll fraud, Lookout said.

The apps themselves included games and screensavers and were the work of four developers who might or might not be aware that their apps were being used as covers to get BadNews on to smartphones.

The company estimated the number of times potentially malicious apps were downloaded at between two and five million, including updates and earlier versions of apps that weren’t malicious.

Not all these downloads will therefore equate to infections, but it is clear that a large number of users could have been hit by malware from the one location, Google Play, they might reasonably assume to be safe.

Google was informed of the issue and had suspended the developer accounts, Lookout said, but it is hard to escape the uneasy feeling that criminals are successfully targeting Google’s Play at will.

“BadNews is a significant development in the evolution of mobile malware because it has achieved very wide distribution by using a server to delay its behaviour,” said Lookout researcher, Marc Rogers.

“If an app has not yet engaged in malicious behaviour, a typical app vetting process would of course conclude that it was safe because the malicious behaviour has not yet occurred.”

Developers now needed to pay careful attention to the SDKs they used, and even the most innocent-looking apps could still be a backdoor to malicious software, he said.

Earlier this week, security firm NQ Mobile reported that Android malware rose by 163 percent between 2011 and 2012, infecting nearly 33 million devices. Most of these victims were in China, Russia and India.


