Malware lurks in Google Play Store

Posted by a staff writer

Lookout has unearthed a new family of malware it is dubbing BadNews - which has emerged in the Google Play Store for Android devices.

According to Lookout's research, BadNews poses as an aggressive ad network - however, it floods the user with application install prompts and brings up fake news, all with the agenda of pushing more malware and affiliated apps.

In its early days, Android in particular was dismissed by critics as being unreliable on the security front thanks to the open access nature of the OS. The Play Store, or Android Market as it was known, did occasionally sport dodgy applications that would mimic other popular apps but were anything but.

BadNews, Lookout says, is significant because it has managed to distribute itself so far and wide - using a server to delay malicious behaviour. The security company has let Google know about the malware, and all developer accounts associated with BadNews have been suspended and are being investigated.

BadNews and its affiliated could have been downloaded as many as 9 million times. Not all apps that have been compromised had malicious code in them, but BadNews, LookOut says, puts a "significant number" of users at risk.

The malware also threatens to leak sensitive information such as phone numbers and IMEI codes.

It is a reminder that as smart device use becomes more widespread, so will malicious coders targeting these devices. While at one time mobile security features were panned by some corners, it can't hurt to have a legitimate piece of antivirus software installed on your phone and to only download trusted applications, as malicious coders will increasingly target the etailing and digital services space.