The recently discovered BadNews Android malware was again discovered lurking on Google Play.
The Trojan has indeed been bad news for the users that downloaded it unwittingly – it harvested their device information, and what’s worse, it tricked them into downloading other malicious apps.
After Lookout’s discovery of the 32 apps that came bundled with the malware, Google has moved to remove both the apps and the accounts offering them. Still, it was much too late – millions of users have already downloaded and installed them on their devices.
According to Bitdefender, a less disruptive variant of the malware has been spotted in the wild some ten months ago, and their researchers hypothesize that it could have been a first attempt at testing a new malware delivery system able to bypass Google’s app screening process.
Following Google’s Friday sweep that removed the 32 malicious apps, three new ones have popped up on the official Google Android online market: ru.yoya.anekdot, com.hellow.world and zh.studio. They were removed by Google on Monday, but it’s still unclear how they managed to dodge the scans that Google must have performed with Bouncer after Friday’s discovery.
All the apps were masquerading as legitimate adware frameworks, which obviously presents a problem for the Bouncer. Google might consider looking into new ways of checking new apps added to Google Play, and the researchers also pointed out that Android developers should start paying attention to how adware frameworks behave.
In the meantime, Android users might consider installing security software on their mobile devices in order to catch similar threats.