Malware identified across 32 Android apps, possibly affecting over 9 million users
BadNews disguises itself as an advertising network. The program has the ability to send fake news messages and gathers personal information like phone number, device ID. Moreover, the app has the ability to send notifications prompting users to download more applications.
Users infected by BadNews would also be pushed premium SMS messages. What is interesting is how the malware made it to the scene. Since it is not native to the app, it does not go through the same integrity check as the app itself.
The 32 apps are listed below and have been removed from the Google Play store. The developer accounts associated with them have been suspended while Google looks into things. It is possible that some (or all) of the developers were not aware of the third-party nature of this problem. BadNews is designed to look like a regular advertising SDK, so it is entirely possible that some of these apps were developed with no ill-will in mind.
The good news in all this is that out of the worldwide Android user base, only between 2 and 9 million appear to be at risk, so the odds are in your favor that this will not be an issue for you. A little over half of the apps are Russian, the rest are English, and they cover a wide variety of genres from games to wallpapers to dictionaries. If any of these apps are on your device, you will want to make sure your operating system is prevented from accepting installs from “unknown sources” and you might want to consider employing some type of mobile security.
2. sorcio46 (Posts: 395; Member since: 27 Jul 2011)
Which part of Open Source has to deal with this?
11. lyndon420 (Posts: 1735; Member since: 11 Jul 2012)
So with this I guess Windows is open? Windows has had the largest amount of malware and malicious viruses.
How are these malicious things being created? On a mac? On a Windows computer? A linux system? An Android tablet?
32. Edmund (Posts: 654; Member since: 13 Jul 2012)
The fact you can use some dodgy SDK to develop software and then have it published in the google play store, despite the existence of malware, is pretty worrying ??
42. sorcio46 (Posts: 395; Member since: 27 Jul 2011)
It happens almost everyday for almost all the apps in the App Store that stole datas from the users but there they're not called "malware"... marketing....
47. papss (unregistered)
you mean what google does with their search engine? Oh that's right, lets point blame or a deflector at another fault and not the one we are speaking about. typical fanboy.
13. gallison1983 (Posts: 41; Member since: 19 Dec 2012)
Nothing. There is nothing about open source that makes is more or less attractive for attack. It's the open market and third party market for apps that brings on the malware, my friend. Kudos to Google for removing malware. I would like to see them step it up. As the main curator for Android apps, Google owes it to their user base to protect those who don't know what they are doing.
50. sats.mine2k4 (banned) (Posts: 208; Member since: 10 Aug 2012)
So you never used a PC did you?
3. kozza3 (Posts: 574; Member since: 17 Oct 2012)
omg omg omg i have to download lookout nnnnnnoooooowwwww!!!! /s
4. moronman66 (Posts: 159; Member since: 09 Jan 2012)
Why is an app called "Savage Knife" the most downloaded here?
44. blingblingthing (Posts: 432; Member since: 23 Oct 2012)
Who downloads this crap? Savage knife Lol?
58. bluescreen (Posts: 154; Member since: 22 Nov 2012)
appearntly alot of people wanting to let out their inner serial killer without going to jail?
5. FlushGordon (unregistered)
In Soviet Russia......
31. minteke (Posts: 30; Member since: 27 Jul 2012)
Flush your history knowledge and reset it. There is no such thing; you must spent the last quarter of the century in a cave.
6. WakaFlakaD (Posts: 361; Member since: 30 Apr 2011)
Good thing I had switched to iPhone...well at least less virus/malwares =)
7. deathgod (Posts: 120; Member since: 23 Nov 2011)
If you switched to an iPhone because of something like this, it says alot about you....
Personally, I've never had a problem with malware/viruses since I've had an android device (Nexus S -> Galaxy Nexus). I'm running Lookout but common sense has prevented me from having issues with rogue apps. But I guess what they say is true "Common sense isn't too common anymore" :)
8. WakaFlakaD (Posts: 361; Member since: 30 Apr 2011)
Well of course not lol. I got sick of Android for now(if you click on my profile, those are the phones that I had) I never even bothered to install Lookout. I mostly just use whatever apps I can download, except the obvious suspicious ones. I had been rooting all my Android phone since the Vibrant. Don't thumb me down simply cuz I mentioned iPhone lol =)
I just need something fresh and iPhone for T-Mobile came out perfectly. Next up is the S4
9. lyndon420 (Posts: 1735; Member since: 11 Jul 2012)
To you it's fresh yes, but to everyone else the iphone UI has become stale. Don't kid yourself into thinking that you're safe from malicious activities because you changed over to fruitware.
10. WakaFlakaD (Posts: 361; Member since: 30 Apr 2011)
Of course malicious activities will always be around as long as there are revenues can be made. Honesty, a fully jailbroken iPhone looks quite nice. I don't know. I guess I am not too fancy about phones these days anymore. I mean nothing new(impressive) come out except hardware. Right now, whatever works, then works. Yeah on an Android, you can download as many launchers as you want, but its still somewhat similar. I guess to my mind, a widget is a widget. A button is a button.
but yeah I am using the iPhone 5 REALLY cuz I got it for $400 brand new on Craigslist. by the time I sell it in 2 months, I will still get some money back, haha so that works for me
21. xperiaDROID (Posts: 5404; Member since: 08 Mar 2013)
Oooo....iPhone eh? THUMBS DOWN
If you're still using Android then THUMBS UP
If you switched to Windows Phone then THUMBS UP
If you switched to BlackBerry then THUMBS UP
So, THUMBS DOWN for you for switching to iPhone! lol xD
23. WakaFlakaD (Posts: 361; Member since: 30 Apr 2011)
Haha, I will be back to the Galaxy family soon! =) As we all phone junkies, we constantly switch different phones. It's the norm for us.
26. xperiaDROID (Posts: 5404; Member since: 08 Mar 2013)
I was just kidding, don't know why all the thumbs down, same as the comment #16, they thumb me down, I guess they're not friendly at all.
So new lesson in PA, do not ask anyone about the phone's problem in PA!
55. Topcat488 (Posts: 1141; Member since: 29 Sep 2012)
I've carried a (iphone and the OG - Note) for a couple of years now, best of both, of the best operating systems for ME... Why hate when for me both are great. Peace :)
25. nerdylish (Posts: 51; Member since: 13 Apr 2013)
Oh, lame comment, eh?
THUMBS DOWN for you! xD
46. blingblingthing (Posts: 432; Member since: 23 Oct 2012)
Also. Android OS is more secure then Apple iOS. It is just that Google seems to have laxed on the app approval scene.
48. papss (unregistered)
thanks for making me laugh
14. rgxVOiD (Posts: 433; Member since: 30 Aug 2012)
So the only chance that you'll end up downloading these app is that you're either Russian, fat or stupid
15. PhoenixWright (Posts: 99; Member since: 11 Feb 2013)
I've lived with Windows for more than 14 years now. Then I've had Android for a good time too.
I can certainly 99.99% GUARANTEE THAT THE BEST FREE ANTI-VIRUS AND ANTI-MALWARE APPLICATION IS CALLED "BRAIN" AND IF YOU PURCHASE IT NOW WITHIN THE FIRST 20 MINUTES, I'LL ADD IN "COMMON SENSE" TO ITS DATABASE. It works on all devices and problems you have. Even with your wife, your neighbors, and everything even your kitchen sink.
16. xperiaDROID (Posts: 5404; Member since: 08 Mar 2013)
Don't know what's wrong with my phone (Xperia Z), my phone's WiFi doesn't turn on, after that I restart my phone and everything is back to normal. Is this a malware?
I'm using AVG antivirus by the way!
36. tedkord (Posts: 4734; Member since: 17 Jun 2009)
But at least the maps get him to the right place. So it's a tradeoff.
51. Eonnaydra (Posts: 206; Member since: 23 Oct 2012)
Seriosly,it's Sony's problem because Xperia Z has many flaws:alot of lag,the lack of innovation in camera's software(despite having 13 mp,the pics are looking bad in comparasion with other android flagships,iPhone 5),the Timescape UI looks outdated compared to the last touchwiz present on S4 or with HTC Sense on the HTC One.
And I've seen that you always say that Xperia Z is the best looking smarthphone and I'm laughing everytime when I see it :) .In fact Xperia Z has a bad ergonomy,it's too huge compared with the S4(which is actually smaller than S3) and looks like a brick.
19. Nimit_Desai (Posts: 18; Member since: 29 Mar 2013)
Plzz anyone out here...HELP ME...frm 2 days I cant see anyone online and I cant chat wid anyone...I tried to reinstall tje fb app...and also to install various messengers but it all failed. ...plz give me a solution...m usimg a galaxy note 2. ..I request you. ...
24. WakaFlakaD (Posts: 361; Member since: 30 Apr 2011)
ust sell the phone on Craigslist, and I will buy it from you for $150 ;)
20. biophone (Posts: 1893; Member since: 15 Jun 2011)
Alot of these names are russain thats interesting. One of them is a *ex app so that is no surprise. It's package name is buttlsex. Stick to the major apps and you will be most likely be fine. If an app doesn't have alot of installs like most of them here its most likely bad news. This is coming from a security firm also.
Even at its high ~9million people considering the ~1 million activations a day thats not so bad. Moral of the story this isn't a major problem and stick to the major apps.
28. neurobiologist (Posts: 70; Member since: 07 Nov 2012)
Android is a healthy human, with a good immune system, who goes outside and walk around with the smile, without a fear of viruses. Apple is a sick and thin cyborg, who has a mask on the face and sit in its own home (ecosystem), while caughing and breathing with one last artificial lung.
29. Antonyjoseph (Posts: 213; Member since: 06 Apr 2013)
For security, android seems to be the wrong place to be. I have an S3 but now plan to pickup a Lumia 820 or 720 for my Banking transactions. Right now I am doing all my banking thru my PC only.
30. Sniggly (Posts: 6998; Member since: 05 Dec 2009)
Aaand the comments reflect the effects of fearmongering.
None of these are mainline apps, and in fact most people wouldn't probably go near them.
But whatevs. Anyone who's stupid enough to believe that they're unsafe on Android at all doesn't deserve to use it.
33. TheMan (Posts: 402; Member since: 21 Sep 2012)
"Half were Russian"?
More like two-thirds, with 21 out of 32.
34. Timmehor (Posts: 599; Member since: 09 Mar 2013)
Seriously, doesn't Google like scan these apps for Malware?!
40. Sniggly (Posts: 6998; Member since: 05 Dec 2009)
They scan the apps themselves. The malware got in through the ads in those apps.
Rest assured Google will plug up that hole nice and tight.
In the meantime, if anyone was enough of a blithering idiot to download any of those apps (seriously, just look at the names), and from the numbers (9 million of 400 million activated Android devices out there, and those numbers are a few months old) there weren't a ton of them, they can just uninstall the app and the issue is gone.
37. tedkord (Posts: 4734; Member since: 17 Jun 2009)
The best performance with the most customization and features of any mobile OS.
And that's what i get.
38. Timmehor (Posts: 599; Member since: 09 Mar 2013)
Performance?! hahaHaHaHAHA! *Breaks out into laughter* I'm joking, there is 700 million android phones out there, so people must LOVE it.
41. tedkord (Posts: 4734; Member since: 17 Jun 2009)
Yes, performance. My Galaxy S3 performance is so solid, my Buddy at work dumped his iPhone and got a Note 2 after using it. And, it's even better now that I've gone pure Google (AOSP) and dumped the TouchWIZ.
43. Timmehor (Posts: 599; Member since: 09 Mar 2013)
I know, but there's a lot more Android phones that aren't Samsung, Sony and HTC. Buying a cheaper Android phone, lag will ensue.
45. tedkord (Posts: 4734; Member since: 17 Jun 2009)
And buying a Yugo didn't turn out so well for a lot of people, too. So? You can't expect a Chinese knockoff that sells for $100 unlocked to perform with the big boys.
49. papss (unregistered)
yes but buying any windows phone or iphone will give you great performance... even the cheap ones. 100 got me a l920 and it's never lagged..
54. tedkord (Posts: 4734; Member since: 17 Jun 2009)
And neither can do as much as an Android phone.
56. Timmehor (Posts: 599; Member since: 09 Mar 2013)
Than you haven't bought a cheap android phone, they lag like hell. A cheap Lumia 620 or 520 will work like a beauty.
53. TheBitterTruth (unregistered)
Russia Russia Russia Russia Russia Russia Russia Russia Russia Russia Russia Russia Russia Russia Russia Russia Russia Russia Russia Russia Russia Russia Russia Russia Russia Russia Russia Russia Russia Russia
57. Ninetysix (Posts: 1584; Member since: 08 Oct 2012)
Guys..didn't you hear? Malware doesn't exist on Android according to A LOT of the fandroids here.
59. isprobi (Posts: 197; Member since: 30 May 2011)
This is why I switched back to BlackBerry from Android when the Z10 came out. And I try to avoid converted Android apps especially if they have ads. Android has allot more apps but the stealing/sharing of personal data is too much of a price to pay for me. I also use bing more than Google for web search now for the same reason.