
This Family of Data-Stealing Android Malware Got Downloaded from Google Play Millions of Times


Everyone knows there's malware on Android, but for the most part it just hides out in the seedier back alleys of the OS. You're only likely to run into it if you start side-loading pirated apps, or frequenting sketchy unofficial app stores. But a newly uncovered family of malware—fittingly called "BadNews"—was just chillin' in Google Play, and has been downloaded somewhere between two and nine million times. In other words, a whole lot.


Uncovered by Lookout Mobile Security, BadNews likes to snag the phone numbers and serial numbers of the devices it's on, sometimes pushing downloads of a straight-up trojan called AlphaSMS. The malware wasn't in the apps originally, however; it snuck in later—seemingly through a malicious "ad network"—which was how the hackers managed to evade Google Play's anti-malware scrutiny for so long. Once Lookout pointed all this out to Google, the apps were taken down. Fortunately, none of them were even remotely reputable to begin with, and half were in Russian.


Of course it's disheartening to know that this kind of stuff made it into Play in the first place, but hopefully that trick will only work once. The majority of the store—especially apps that you've actually heard of—is safe thanks to Google's watchful eye. But just keep in mind that if something there looks sketchy, it might be. [The Lookout Blog via Ars Technica]


DISCUSSION

Best way to solve the problem is to get away from "free" phone OSs and go iOS. You get what you pay for!