Apps contained a "fake" ad network, directed users to install malware disguised as free applications

Yesterday, the folks over at Lookout divulged their latest find. 32 applications, mostly Russian language, were found to contain what Lookout calls "BadNews" -- a new piece of code that facilitates easy installation of malware onto the phones of users who have it installed. They estimate that apps containing BadNews have been installed over 2,000,000 times. While this is but a small drop compared to the hundreds of millions of Android devices and 25+ billion apps installed from the Play store, it's still quite the eye-popping number.

BadNews is disguised as an ad network. Besides serving ads for other less popular apps containing the BadNews code, it has the ability to send some of your private data (including your phone number and IMEI) to a server. It also displays fake news messages about app updates and links to actual malware that a user could install outside Google Play. 

The offending applications, distributed across four different developer accounts, have been purged from Google Play. If you think you may have been affected, or are running one of the apps, Lookout's security application can assist in identifying the things you need to remove.

We appreciate a well-researched and legitimate look at malware like this, and don't want it to get buried like so many of the FUD stories around the Internet that are speculation with no numbers. For a list of the applications, and a look at how this was discovered, click the source link below. Carry on past the break for some further discussion.

Source: Lookout

Now to talk a bit about how and why this happened, and what users could have done differently to protect themselves. To start with, over 2,000,000 people downloaded an application from Google Play, and said "yes" when asked if they wanted to allow the downloaded application to have access to their phone number. We understand that all the app permissions can be confusing, and that often there are legitimate reasons for apps to request permissions to sensitive information. But we have to be diligent and read those permissions, every time, and pass on the apps we think have requests that sound fishy. While this means that we'll likely have to pass on a few apps that are innocent, it also means we won't have some spammy app sending all our contact data off to some server in the Russian Federation. This is the price of having an open application store, and while Google can come back and remove apps that have gone wild after they are found, we have to practice a little care of our own.

The second one is a no-brainer. If you click an ad banner that promises an update to an app that you downloaded from Google Play, or directs you to download and install any files to your phone, you have to say no. This is why it was a big deal when Facebook decided to go rogue and update their app in an unapproved manner, and why many folks were calling for their heads and removal of their app from Google Play for doing so. If you allow things like this to happen, nobody can help you. This time, these apps would have been detected by a security app like Lookout, but next time they may not. Just Say No.

It's relatively easy to write malicious code and inject it into an application that users want. It's not so easy to distribute it from Google Play, and as a result we see convoluted methods like BadNews to get the job done. Be diligent, be safe, and whenever you're in doubt ask for advice in the forums. We may be bickering between ourselves over whether Samsung or HTC makes the better phone, but we all work together when a friend is in need.


Reader comments

Google removes 32 apps from Google Play over malware concerns


And the other half are just links to mobile versions of their websites.

I like my Z10 but the App World selection is horrendous.
On Android I average 25-35$/mos from Play Store content whereas I haven't found content worth even spending 15$ in the past 6 weeks.

Thank god for the z10 and blackberry, thankfully they have barely any apps and aren't popular enough to have to worry about people trying to steal their information from a dying OS brand.

Seriously though, I've known not to download any Russian or Chinese apps I have been interested in just from common sense ever since I got my D1 in 2010. Just from using the internet we all have seen and heard of Russian and Chinese hackers always trying to crack our home PCs.

Maybe Google should explain what people are doing by accepting terms to apps and explain it in layman's terms for those who aren't sure and don't understand why apps need your permissions, so they are more informed about what they download and why those apps need to access certain information on your phone.

Well, you're not safe on any platform. Remember this that was on BB a few years back? I can't post the link now, thanks spammers! But Google the Zeus malware.

So now go troll CrackBerry how horrible Android is since you don't understand or can't handle device and OS freedom and an uncensored app store. Good day.

Is anybody really taking on the CrackBerry trolls? For reals.. I think there are more ppl trying to give away a Z10 rather than trying to get one.

Anyone who downloads an app with icons that look like that, deserves the malware hell they get themselves into.

I think Google is doing a better job at malware control. While it seems that it would sparingly attack US Android users, I'm glad to see that the Android experience is being protected on a worldwide front. BTW, I'm extremely particular about what apps I download. I often uninstall an app simply because I don't like the icon. These apps would have never stood a chance with me. LOL

I've had a couple people ask me why I always use Lookout to scan any app I'm installing before the .apk actually installs. This would be why. Lookout has found a couple apps I thought were okay and they had great icons too! ;o)

Seriously though, it only takes an extra couple seconds. Why wouldn't one want to scan first if they had the opportunity? Because if it can be downloaded regardless of the medium, some a$$hat out there will try to exploit it.

I really think Google should check their the way Microsoft and Apple do it. I understand it's like getting rid of tons of them but it's for the best for Google and the user.

my 2 cents

Good news for Android users. Currently using a Z10 but intending to add a Note 2 and Galaxy Note Tablet 10.1 or what it's called. Love Android.

Before an app is going to enter Google Play, Google must check that app, because it's a technical shame for Google as those (maybe more) apps are malware!! Millions of people are using Google Play apps because those are taken care of by Google.

Thanks in Advance

Android Central, it would be great if we have an article about what permissions to look for when we download an app out of the Play Store. I'm sure you've probably done this before. We are getting so many new users.

Did Sergey himself find these apps? Would it be faster to find more of these apps if Google hires more Russian bilinguals? Or do all of them want to work only for Yandex?

Strange, no comments by the malware app naysayers? Don't need Lookout, et al? Malware not a problem on Android devices?
Others needing advice about what permissions to look for? App can read your contacts, make calls/ send texts without your permission, read phone logs, upload your user information, read all installed apps, determine your location, activate camera without your permission, etc., etc?
All that is self explanatory, and a little common sense determines whether those permissions are necessary for a given app.

Ok, maybe I'm just missing it, but is there an actual list of the malware apps and not just the icons? I don't recognize the icons, so I'm guessing I don't/didn't have any of them, but I would like to know the names. Anyone have a list of them? Thx.
Also, forgive my ignorance, but if the apps are removed from Play, does that mean they would be removed from the phone or do we still need to go in and uninstall? Thanks in advance for any helpful responses.