As more and more people jump on the mobile device bandwagon, it was just a matter of time before unscrupulous individuals tried to take advantage of them. In case you haven’t heard yet, last month a new type of malware called BadNews was discovered lurking in 32 applications found on the Google Play Store. What is even worse is that, according to the data released by Google, there is a high chance that BadNews has reached a little over 9 million Android devices. Fortunately, all 4 developers associated with the distribution of the malware were identified immediately and their accounts suspended.
What is BadNews?
Looking beyond the wrongdoing, you cannot help but notice that BadNews practically marks a milestone in the development of malware designed for mobile devices. After all, using a single server, the developers achieved an impressively wide distribution to over 9 million users. BadNews has essentially been employed to send out fake news messages, send sensitive information from the device to third parties, and encourage users to install further apps for monetization purposes.
An interesting turn of events
Granted, trying to introduce malicious code into Google Play ads is as difficult as breaking into Fort Knox or the Granite Mountain Mormon Church Records Facility. However, the authors of BadNews achieved the impossible by disguising their tiny app as a fairly aggressive advertisement network. While posing as an ad network, the app was downloaded along with other applications by millions of customers, with the simple role of pushing malware out at a later date. While you could argue this is a clever move, don’t forget the developers were caught relatively quickly.
How does this malware work?
As Lookout Mobile Security, the team who discovered the malware, pointed out, BadNews was also used to push out AlphaSMS. Although AlphaSMS is not nearly as dangerous as FakeWAM, its mechanism is relatively similar. To be more precise, the app appears to be an installer or downloader (usually masked as skype_installer.apk or mail.apk), but instead of doing what it is supposed to, it charges for premium-rate SMS messages. As if this was not bad enough, malware in the AlphaSMS category also redirects users to various sites where they will surely come across other potentially dangerous malware.
Based on the information Google made available to the public, BadNews has been associated with applications with servers in Russia, Ukraine and Germany. In addition, the authors of the malware also employed it to promote their own apps, which naturally also contained the malicious code. Once the user activated it, the app contacted its Command and Control (C&C) server every four hours. The C&C servers delivered further instructions, such as prompting the user to download a paid app and/or displaying fake information.
Can you protect yourself?
While BadNews’s story and the fact that so many users have been malware victims paint a grim picture of smartphone security, it is necessary to point out that this is an isolated incident. In general, neither FakeWAM nor AlphaSMS is found in popular app markets, so the risks are very low. On a side note, always pay attention to where you download apps from, especially if the website itself looks suspicious or if the app starts behaving strangely.
Speaking of strange behavior, if you notice that your battery is draining faster than usual, or you start receiving large phone bills or weird text messages, then these are potential signs your device could be infected.
Furthermore, before you download an application, take a moment to look over the developer’s name, the reviews and the overall rating, as well as whether or not the app requests permissions to access data and capabilities of your smartphone. Even though they might sound slightly confusing to some, permissions are not actually very difficult to understand, and they generally make sense.
For instance, if you just downloaded a new game app that asks you to allow it to access the phone numbers of friends in your contact list, then you should certainly not install it. The types of apps for which it would make sense to ask for your permission to read, write and delete data on the phone’s SD card are note-taking apps, backup apps, or video and camera apps.
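The permission check described above can be automated. The following is an added example, not part of the original article: it reads an AndroidManifest.xml that has already been decoded to text XML (for example with apktool) and lists sensitive permissions that do not fit the app's category. The category names, the permission-to-category mapping and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Sensitive permissions and the app categories where a request is plausible.
# The category names and this mapping are assumptions made for the example.
EXPECTED_IN = {
    "android.permission.READ_CONTACTS": {"messaging", "backup"},
    "android.permission.SEND_SMS": {"messaging"},
    "android.permission.RECEIVE_SMS": {"messaging"},
    "android.permission.WRITE_EXTERNAL_STORAGE": {"notes", "backup", "camera"},
    "android.permission.READ_EXTERNAL_STORAGE": {"notes", "backup", "camera"},
}

def requested_permissions(manifest_xml):
    """Return the permission names declared in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    names = []
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name and name not in names:
                names.append(name)
    return names

def unexpected_permissions(manifest_xml, category):
    """Return sensitive permissions that do not fit the app's stated category."""
    flagged = []
    for name in requested_permissions(manifest_xml):
        allowed = EXPECTED_IN.get(name)
        # Permissions missing from EXPECTED_IN (e.g. INTERNET) are not judged.
        if allowed is not None and category not in allowed:
            flagged.append(name)
    return flagged

# Constructed sample: a game that asks for contacts, SMS sending and SD card access.
SAMPLE_GAME_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.game">
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.READ_CONTACTS" />
    <uses-permission android:name="android.permission.SEND_SMS" />
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
</manifest>"""

if __name__ == "__main__":
    for perm in unexpected_permissions(SAMPLE_GAME_MANIFEST, "game"):
        print("review before installing:", perm)
```

A flagged permission is a prompt to look closer, not proof of malware; the same manifest checked as a "backup" app would only flag SEND_SMS.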