Google Play apps harboring the BadNews Android malware that has recently made the news have been spotted in the wild since June 2012 as Android.Trojan.InfoStealer.AK, according to Bitdefender specialists.
The June 2012 version of BadNews was not designed to install fake updates, but could have been a first attempt at testing a new malware delivery system able to bypass Google’s app screening process.
Although numerous reports came from China, BadNews also showed up in countries such as Myanmar, Russia, and Germany.
Bitdefender found three new apps – ru.yoya.anekdot, com.hellow.world and zh.studio – that were not among the 32 listed applications known to be infected and downloaded millions of times, raising the total count to 35 malicious Android applications.
Although adware frameworks are borderline legitimate as they collect large amounts of user data for purposes that are often unclear, leaping into actually disseminating malware is truly dangerous. Android developers should start paying attention to how adware frameworks behave, and Google should probably scrutinize apps more before allowing them onto Google Play.
Masquerading as a legitimate adware framework, the new version of the malware pushed fake update notifications for apps, such as Skype and Russian social network Vkontakte, tricking users into installing infected files.

The highly polymorphic structure, which depends on the name of the command and control servers, shows that time and effort were invested in the testing and deployment of BadNews.

Bitdefender urges users to install a mobile security solution that can detect and eliminate malware and apps bundled with aggressive advertisements that might pose a security risk.
All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.
This article is based on the technical information provided courtesy of Ioan Lucian STAN, Malware Researcher.