Newly Discovered Android Malware Infected Up To 9 Million Users

/ 4 years ago


A new Android Malware has emerged that was apparently lurking in the Google Play Store for a considerable period of time. The new malware, dubbed “BadNews” has been embedded in 32 different apps on four different developer accounts. Google play estimates suggest that between 2 million and 9 million users have downloaded these 32 infected apps. The reason for such a wide estimate range is that Google’s Play Store only gives wide ranges. The likely reality is it is probably somewhere in the middle, between 2 and 9 million.

The BadNews malware acted as an advert distribution framework for developers to use.  For this precise reason many well-meaning app developers could have integrated this into their apps without even realising it was malware. Although it is likely many of the 32 infected apps were purpose built for spreading the malware.

Some of the bad things that the BadNews malware does included:

  • Fakes alerts encouraging you to download other infected apps, as well as things like AlphaSMS, which hijacks your phone and silently signs it up for premium SMS services
  • Sends your phone number and unique device i.d (the IMEI) back to the malware’s mothership

The full list of 32 infected apps can be found here. The most popular app, and therefore the most likely one you will have downloaded, is called Savage Knife. This game is meant to simulate 5 finger fillet and it received somewhere between 1 and 5 million installs in the past month or so.

Following the report of these infected apps by LookOut, Google has pulled all 32 of them from the store.


Topics: , , , ,