According to mobile security firm Lookout, Android users who downloaded one of 32 applications and games in Google Play that were infected with BadNews, could have mobile devices infested with malware.
Though the company did inform Google of its findings, and Google acted quickly to remove them and suspend the offending developer’s accounts, the applications that were infected with the malware amassed a total 9 million downloads.
According to Lookout’s findings, BadNews actually hides in plain sight on the user’s device by pretending to be an ad network. However, in addition to its ad serving capabilities, the malware also can send fake news messages, ask users to install applications, and send unique information about the device that it’s infected like the user’s phone number and the device’s unique ID, back to its makers.
In some cases BadNews used its ability to ask users to install applications, as an avenue to download AlphaSMS, another piece of malware that would run up the device user’s bill with premium SMS messages.
In a recent study that showed malicious infections of Android devices to have been at an all-time high in 2012, mobile security firm NQ noted the premium SMS messaging had become a large business model for those creating malware and distributing malware even though it’s only able to commit the fraud in Russia and countries that neighbor it like Ukraine, Belarus, Armenia, and Kazakhstan.
Because BadNews doesn’t begin to affect user’s devices until after its code has most likely been examined and deemed safe by those who have the means to curb its circulation, the malware infection has become pretty widespread.
Lookout offers two takeways that it thinks could prevent software like BadNews from infecting mobile devices. First, it believes that developers need to pay closer attention to third-party code and libraries they use in their applications. Though these libraries may provide extra features and services, it’s always best for developers to fully examine them before using them.
The second main takeway the firm offers is the need for security managers to create processes that monitor applications for suspicious behavior over time. Only through doing so, says Lookout, will enterprises be able to ensure the security of their mobile devices.
Lookout also wants users to remain vigilant. According to the firm, users should make sure that the box inside their Android device’s system settings for download applications from unknown sources isn’t checked. It should be noted that according to the company, had users installed it’s Lookout mobile security suite, they wouldn’t have become infected.