Lookout security announces “BadNews” Android malware family discovery

Apr 19, 2013
3
Lookout security announces “BadNews” Android malware family discovery

In an announcement that should have Android users having a double-check of the applications they've downloaded in the recent past, the mobile security group Lookout has identified what they call the "BadNews" malware family. The applications affected by BadNews have, according to Lookout, potentially affected between 2,000,000 and 9,000,000 users due to the number of downloads recorded in the apps that have been tagged. Lookout has made it clear that not all downloads of these apps (especially early versions) contained malicious code, all those on the list should be cautious.

According to Lookout, this operation has affected primarily Russian devices and has been aimed at devices in the Russian Federation and neighboring countries. The Ukrain, Belarus, Armenia, Kazakhstan, and others are on the list of those areas affected, and the full list of BadNews-toting apps can be found in the image immediately following this paragraph. If you've downloaded one of these apps, Lookout suggests that you take heed!

Screen-Shot-2013-04-18-at-9.16.29-PM

What happens here with BadNews is a series of actions. Once activated - and we're not entirely clear on what activates said software - BadNews begins sending sensitive information from your smartphone to a remote server. Your phone number, serial number (IMEI), and more can be sent without the user's knowledge.

From there, a "fake" advertisement will be targeted to the user through the app, this advertisement prompting the installation of a new piece of software. This step could show up as an update to "Vkontakte", a popular Russian Social Networking app, an update to Skype, or various other oddities. If this piece of the puzzle is completed, BadNews will begin working with cash fraud apps such as AlphaSMS.

With AlphaSMS, it will appear that a user is making entirely free SMS messages, but the user will be sending cash to the malicious parties in charge of this whole operation without their knowledge.

To prevent this from happening to you, you'll want to make sure you avoid the apps listed above (of course), and make sure your Android device's system setting is unchecked for "Unknown Sources" installing apps. If you've got this checked, it's possible (however unlikely) that an app can install itself without needing your permission. Stay smart!

[via Lookout]


Must Read Bits & Bytes