This Family of Data-Stealing Android Malware Got Downloaded from Google Play Millions of TimesEric Limer4/20/13 1:00pmFiled to: MalwareAndroidAndroid malwareSecurity1101EditPromoteShare to KinjaToggle Conversation toolsGo to permalink Everyone knows there's malware on Android, but for the most part it just hides out in the seedier back alleys of the OS. You're only likely to run into it if you start side-loading pirated apps, or frequenting sketchy unofficial app stores. But a newly uncovered family of malware—fittingly called "BadNews"—was just chillin' in Google Play, and has been downloaded somewhere between two and nine million times. In other words, a whole lot.Uncovered by Lookout Mobile Security, BadNews likes to snag the phone numbers and serial numbers of the devices its on, sometimes pushing downloads of a straight-up trojan called AlphaSMS. The malware wasn't in the apps originally however, it snuck in later—seemingly through a malicious "ad network"—which was how the hackers managed to evade Google Play's anti-malware scrutiny for so long. Once Lookout pointed all this out to Google, the apps were taken down. Fortunately none of them were even remotely reputable to begin with and half were in Russian.