Google Play Reputation Under Fire After Malware Discovery
Google Reputation Protection Team Called On Again
One can only hope that Google's reputation protection and management team are well paid, as it seems that the company is forever on the receiving end of complaints and bad reviews. Whilst Google are still being berated about privacy and data protection issues, it seems a new attack has come from a different direction.
Security researchers have identified 32 separate apps on Google Play that harboured malware called BadNews. On infected phones, BadNews stole cash by racking up charges from sending premium rate text messages. The malicious program lay dormant on many handsets for weeks to escape detection before swinging into action. The malware targeted Android owners in Russia, Ukraine, Belarus and other countries in Eastern Europe.
Figures from Google Play suggest that between two and nine million copies of apps infected with BadNews were downloaded from the store. A wide range of apps were harbouring the malware, including recipe generators, wallpaper apps, games and pornographic programs.
Malware Was Well Hidden
BadNews concealed its true identity by initially acting as an advertising network. In this guise, it sent users news and information about other infected apps, prompting mobile users to install other programs. The malware adopted this approach to avoid detection systems that look for suspicious behaviour and stop suspicious apps being installed.
This masquerade ended when apps seeded with BadNews got a prompt from one of three command and control servers. BadNews then started pushing out and installing a more malicious program called AlphaSMS, which stole credit by sending text messages to premium rate numbers.
Reputation Protection Team Still To Announce Further Action
Users were tricked into installing AlphaSMS, as it was labelled as an essential update for either Skype or Russian social network Vkontakte. Half of the 32 apps seeded with BadNews were Russian, and the version of AlphaSMS it installed was set to use premium rate numbers in Russia, Ukraine, Belarus, Armenia and Kazakhstan.
The 32 apps were available through four separate developer accounts on Google Play. When we last checked, Google had suspended those accounts and removed the affected apps from its online store. However, at the time of writing, Google's reputation protection team had not made any comment about further action.