April 22, 2013
Malware Apps Abound In Google Play, Android Users Suffer
Lee Rannals for redOrbit.com — Your Universe Online
Freedom comes at a cost, and Android users are suffering yet again from Google's loose way of doing things. The latest issue: 32 apps across four different developer accounts in Google Play are showing up as malware.
Lookout wrote in a blog post that the affected apps have been downloaded between two and nine million times by users. It said they notified Google and the company promptly removed all apps and suspended the associated developer accounts.
The new malware family, BadNews, portrays itself as an innocent advertising network. However, the company's authors have created a malicious advertising network that would push malware out to infected devices at a later date in order to pass the app scrutiny test. It has the ability to send fake messages, prompt users to install applications and send sensitive information like the phone number and device ID to its Command and Control (C&C) server, according to Lookout.
"During our investigation we caught BadNews pushing AlphaSMS, well known premium rate SMS fraud malware, to infected devices," the mobile security firm wrote.
Once BadNews is activated, it polls its servers every four hours for new instructions while pushing several pieces of sensitive information. The servers reply with instructions, telling BadNews what to do next.
"We have identified three C&C servers, one in Russia, one in the Ukraine, and one in Germany. All C&C servers are currently live but Lookout is working to bring them down," it wrote.
Lookout recommends users make sure the Android system setting "Unknown sources" is unchecked in order to prevent dropped or drive-by-download app installs. It also suggests users download its own mobile security app to protect against malware.
Android is the most targeted mobile operating system by malware developers, according to a new study published last week. NQ Mobile found that nearly 33 million Android devices were infected with Malware in 2012 alone, which is an increase of 200 percent since 2011.
Another report a month earlier by Mobile Threat Report said that Android accounted for 79 percent of all mobile malware last year. Meanwhile, Apple's iOS remained one of the least compromised systems, with just 0.7 percent of all mobile malware occurring on its platform.
Android versions "Gingerbread" and "Ice Cream Sandwich" were the most popular Android targets among cyber criminals, according to an analysis from Kaspersky Lab. The security firm found that Gingerbread accounted for 28 percent of all booked attempts to install malware, while Ice Cream Sandwich accounted for 22 percent of attempts.