Lookout Report: Many Android Users Have Received BadNews – Based on the download stats provided by Google Play, infected Apps were downloaded between 2,000,000 – 9,000,000 times.
A new report from mobile security firm Lookout, would not make great reading for Android users. In fact, the report bears BadNews for Android lovers.
According the report, Lookout has discovered a new malware family, which the company named – BadNews. BadNews malware was found in 32 apps across four different developer accounts in Google Play. Based on the download stats provided by Google Play, infected Apps were downloaded between 2,000,000 – 9,000,000 times, the report states.
However, there is one ‘GoodNews.’ The company reported that they notified Google and all the affected apps immediately removed from Google Play. All Lookout users are protected against this threat, according to the report.
“BadNews has the ability to send fake news messages, prompt users to install applications and sends sensitive information such as the phone number and device ID to its Command and Control (C&C) server,” Marc Rogers reports. “BadNews uses its ability to display fake news messages in order to push out other types of monetization malware and promote affiliated apps.”
According to the report, the two main takeaways from their findings are:
Developers need to pay very close attention to any third-party libraries they include in their applications. Unsafe libraries can put their users and reputation at risk.
Enterprise security managers must assume that even very well designed app-vetting processes will not be able to detect malicious behavior that hasn’t happened yet. Ongoing security monitoring is important to detect malicious behavior that happens some time after an app’s initial evaluation.