Google Play apps harboring the BadNews Android malware that has recently made the news have been spotted in the wild since June 2012 as Android.Trojan.InfoStealer.AK, according to Bitdefender specialists.
The June 2012 version of BadNews was not designed to install fake updates, but could have been a first attempt at testing a new malware delivery system able to bypass Google’s app screening process.
Although numerous reports came from China, BadNews also showed up in countries such as Myanmar, Russia, and Germany.
Bitdefender found three new apps – ru.yoya.anekdot, com.hellow.world and zh.studio – that were not on the list of 32 applications known to be infected and downloaded millions of times, raising the total count to 35 malicious Android applications.
Although adware frameworks are borderline legitimate as they collect large amounts of user data for purposes that are often unclear, leaping into actually disseminating malware is truly dangerous. Android developers should start paying attention to how adware frameworks behave, and Google should probably scrutinize apps more before allowing them onto Google Play.
Masquerading as a legitimate adware framework, the new version of the malware pushed fake update notifications for apps, such as Skype and Russian social network Vkontakte, tricking users into installing infected files.
The highly polymorphic structure that’s dependent on the name of the command and control servers shows that time and effort were invested in the testing and deployment of BadNews.
Bitdefender urges users to install a mobile security solution that can detect and eliminate malware and apps bundled with aggressive advertisements that might pose a security risk.
This article is based on the technical information provided courtesy of Ioan Lucian STAN, Malware Researcher.