E-Threats Mobile & Gadgets

BadNews Android Malware Active Since June 2012

Google Play apps harboring the BadNews Android malware that has recently made the news have been spotted in the wild since June 2012 as Android.Trojan.InfoStealer.AK, according to Bitdefender specialists.

The June 2012 version of BadNews was not designed to install fake updates, but could have been a first attempt at testing a new malware delivery system able to bypass Google’s app screening process.

Although numerous reports came from China, BadNews also showed up in countries such as Myanmar, Russia, and Germany.

Bitdefender found three new apps – ru.yoya.anekdot, com.hellow.world and  zh.studio – that were not added to the 32 listed applications known to be infected and downloaded millions of times, raising the total count to 35 malicious Android applications known to be infected.

Although adware frameworks are borderline legitimate as they collect large amounts of user data for purposes that are often unclear, leaping into actually disseminating malware is truly dangerous. Android developers should start paying attention to how adware frameworks behave, and Google should probably scrutinize apps more before allowing them onto Google Play.

Masquerading as a legitimate adware framework, the new version of the malware pushed fake update notifications for apps, such as Skype and Russian social network Vkontakte, tricking users into installing infected files.

BadNews Android Malware Active Since June 2012
How the original code for BadNews looked like

The highly polymorphic structure that’s dependent on the name of the command and control servers shows that that time and effort were invested in the testing and deployment of BadNews.

BadNews Android Malware Active Since June 2012
The latest code added to BadNews

Bitdefender urges users to install a mobile security solution that can detect and eliminate malware and apps bundled with aggressive advertisements that might pose a security risk.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

This article is based on the technical information provided courtesy of Ioan Lucian STAN, Malware Researcher.

About the author


Liviu Arsene is the proud owner of the secret to the fountain of never-ending energy. That's what's been helping him work his everything off as a passionate tech news editor for the past couple of years. He is the youngest and most restless member of the Bitdefender writer team and he covers mobile malware and security topics with fervor and a twist. His passions revolve around gadgets and technology, and he's always ready to write about what's hot and trendy out there in geek universe.


Click here to post a comment