Google Play Store is not as much secure as you think. Security firm Lookout has found another Android malware that bypassed security of Google Play Store. This malware, dubbed as BadNews, was found in 32 apps in Google Play. These apps have also been downloaded between 2,000,000 – 9,000,000 times. We only have download range because Google never show exact download numbers.
“BadNews masquerades as an innocent, if somewhat aggressive advertising network. This is one of the first times that we’ve seen a malicious distribution network clearly posing as an ad network. Because it’s challenging to get malicious bad code into Google play, the authors of Badnews created a malicious advertising network k, as a front, that would push malware out to infected devices at a later date in order to pass the app scrutiny,” Lookout explained.
You can see the name of apps affected by this Android malware in the list below.
Lookout also explained why this malware is called BadNews. Actually Badnews comes with few bad news for you. This Android malware does two bad things in your phone that you didn’t know.
- Fakes alerts encouraging you to download other infected apps, as well as things things like AlphaSMS, which hijacks your phone and silently signs it up for premium SMS services
- Sends your phone number and unique device i.d (the IMEI) back to the malware’s mothership
Google try its best to keep Google Play safe from trojan apps and malware. For this, it also launched bouncer back in February 2012. But Bouncer failed many times as so many malware apps have been found in app store.
After this release, Google has pulled all affected apps from App store. But Google should think about this seriously. It should take enough steps to make sure that application is safe for users.