Malware that avoided detection and made its way onto the official Google Play store has been downloaded at least 2 million times, a security firm warned today.
Google was notified of the outbreak by Lookout and all affected rogue apps have been removed from the Android store. As many as 9 million could have downloaded the dirty code.
Lookout found 32 applications contained code from the “BadNews” software development kit, which masqueraded as a standard advertising network SDK.
But it was particularly aggressive, sending phone number and device IDs to their command and control servers, and prompting users to install applications, including AlphaSMS, a “well-known premium rate SMS fraud malware”, which can cost users plenty of money.
“It is not clear whether some or all of these apps were launched with the explicit intent of hosting BadNews or whether legitimate developers were duped into installing a malicious advertising network,” the company wrote in a blog post.
“However, based on our analysis of the backend code behind a number of these purported ad networks there is little doubt that BadNews is a fraudulent monetisation SDK.”
“Further, it is clear that a substantial amount of code in BadNews has previously appeared in other families associated with Eastern European toll fraud.”
Lookout identified three C&C servers, in Russia, Ukraine and Germany.
It’s another big outbreak of Android malware, which has been spreading rapidly in recent years. NQ Mobile reported earlier this week that mobile malware jumped 163 percent in 2012, with almost all threats aimed at Android.
Governments appear to be using mobile Trojans too. China was this month implicated in attacks on Tibetan activists, which sought to get malicious kit on Android devices.
Source: Tech Week Europe