
Google Play apps used to hide 'BadNews' mobile botnet, security firm discovers

Legitimate apps mask command and control

Google's Play store security has once again been embarrassed by the discovery of an ambitious botnet that sneaked past its app vetting systems to infect possibly huge numbers of Android users.

Lookout Mobile Security, which spotted the ruse, said it had tracked down 32 apps that seemed to be tied into what at first looked like just another advertising network with its own SDK, now dubbed 'BadNews'.

The dastardly part is that the apps themselves appear innocent but come with the ability to contact a command and control server in order to push a range of genuinely malicious apps, including the AlphaSMS toll fraud app widely circulated by East European gangs.

In an attempt to remain unnoticed for as long as possible, the creators of BadNews designed the apps to behave legitimately for a period of time before hitting the user with bogus update requests, at which point the trouble begins.

Roughly half the discovered apps used to distribute BadNews were aimed at Russian speakers and designed to commit toll fraud, Lookout said.

The apps themselves included games and screensavers and were the work of four developers who might or might not be aware that their apps were being used as covers to get BadNews on to smartphones.

The company estimated the number of times potentially malicious apps were downloaded at between two and five million, including updates and earlier versions of apps that weren't malicious.

Not all of these downloads will therefore equate to infections, but it is clear that a large number of users could have been hit by malware from the one location, Google Play, that they might reasonably assume to be safe.

Google was informed of the issue and had suspended the developer accounts, Lookout said, but it is hard to escape the uneasy feeling that criminals are successfully targeting Google's Play at will.

"BadNews is a significant development in the evolution of mobile malware because it has achieved very wide distribution by using a server to delay its behaviour," said Lookout researcher, Marc Rogers.

"If an app has not yet engaged in malicious behaviour, a typical app vetting process would of course conclude that it was safe because the malicious behaviour has not yet occurred."

Developers now needed to pay careful attention to the SDKs they used, and even the most innocent-looking apps could still be a backdoor to malicious software, he said.

Earlier this week, security firm NQ Mobile reported that Android malware rose by 163 percent between 2011 and 2012, infecting nearly 33 million devices. Most of these victims were in China, Russia and India.

