A New Malware found Lookout in Android named BadNews, its name also looks like the Malware and in 32 apps across four accounts in Google Play it is, according to the Google Play statics it has been downloaded between 2,000,000- 9,000,000 times already which is a huge number, Lookout notified about that Malware to Google and Google promptly removed all apps and suspended the associated developer accounts pending further investigation, Lookout also claims that their all users are protected against this threat.
BadNews masquerades as an innocent, if somewhat aggressive advertising network. This is one of the first times that we’ve seen a malicious distribution network clearly posing as an ad network. Because it’s challenging to get malicious bad code into Google play, the authors of Badnews created a malicious advertising network, as a front, that would push malware out to infected devices at a later date in order to pass the app scrutiny.
What Badnews can do with your device?
- Send Fake News Messages
- Prompt users to Install applications
- Sends sensitive information like Phone Number abd Device ID to its (C&C) Server.
- BadNews also display fake news messages in order to push out other types of monetization malware and promote affiliated apps
How it Works?
Once activated, BadNews polls its C&C server every four hours for new instructions while pushing several pieces of sensitive information including the device’s phone number and its serial number (IMEI) up to the server.
The C&C server replies with instructions telling BadNews what to do next. Available instructions include displaying (fake) news to users, and prompting for installation of a downloaded app payload.
How to Stay Safe?
- Make sure the Android system setting ‘Unknown sources’ is unchecked to prevent dropped or drive-by-download app installs.
- Download a mobile security app like Lookout’s app that protects against malware as a first line of defense.
Get Updated with Security Threats
Facebook: www.facebook.com/hackersnewsbulletin
Twitter: www.twitter.com/hnbulletin
