By Shailesh Shrivastava | Apr 22, 2013 07:37 AM EDT
If you are an Android user and download applications from Google Play without paying much attention to the security of your device, then you should start giving a thought to the safety of data stored in your smartphone.
Google Play has removed 32 applications, which were reportedly pushing out a new malware called 'BadNews.' Google was intimated about the malicious behavior of these applications by mobile security organization Lookout.
The applications were available in English and Russian and the cumulative number of downloads for all these applications had reached over 9 million. Out of the 32 applications 22 were in Russian the rest were in English.
According to Lookout analysis, BadNews looked like an ordinary and very aggressive ad network but after sometime the malware prompts user to download some application that are already affected.
Once BadNews is activated, it starts communicating with its servers that tells it to take the device's phone numbers to its IMEI number. Later it asks the user to install an already downloaded app. It also uses the names of social networking sites and even Skype and dupes users in downloading an AlphaSMS by showing crucial updates of Skype application.
AlphaSMS is a fraud application looks like an app downloader or installer. However, it instead charges premium SMS.
"It then redirects the user to a website that contains additional potentially malicious applications to download. AlphaSMS' construction is unsophisticated, but effective. AlphaSMS launches websites in an effort to get a user to install more potentially malicious apps on their device," Lookout describes AlphaSMS.
The servers of BadNews are said to be located in Russia, Ukraine and Germany; and all the servers are reportedly running at present.
All the 32 applications are linked to just four developer accounts.
Some of the applications belong to RoyalGames Ltd. and all the applications are gaming apps. According to the Open Source Vulnerability Database (OSVDB), the account holder has 10 gaming applications in its account out of which six applications are found to have BadNews.
"I Believe - I Do Not Believe for Android (air.YesNoBotiki) by RoyalGames Ltd has been found to contain the BadNews malware. The BadNews family of malware is designed to look like a standard advertising network SDK and can be found in a variety of applications. Once installed into an application, it has the ability to spoof news messages, prompt users to install arbitrary applications, send sensitive information to a remote server, or push additional malware to the device. In this case, the software was using AlphaSMS malware to send premium-rate SMS messages," OSVDB reports about I Believe application.
To keep your Android devices safe from BadNews, do not download or install any applications you are not sure about. To make your device more secure keep your 'Unknown sources' in 'Settings' unchecked to avoid dropped or drive-by-download app installs.
© 2013 Mobile & Apps All rights reserved. Do not reproduce without permission.