BadNews Shows a New Direction for Mobile Malware
And while we’re on the subject of hacking and malware, if you’re the user of Android phone — and if you happen to speak or send messages in Russian — you might want to have a closer look at some of the applications you’ve been running.
Lookout Mobile Security said yesterday that it has detected a significant outbreak of malware lurking inside 32 different apps that it says have been downloaded a combined two million to nine million times. (It’s unclear why that range is so large.)
Google was notified and the company removed the affected apps and killed the developer accounts associated with them. And Lookout’s product, the company says, gives its customers protection against it.
It’s called BadNews, and Lookout says it masquerades as “an innocent, if somewhat aggressive advertising network.” The network would initially serve up only ads, but later on, after having passed security scrutiny, it would start pushing malware to affected devices. Among other things, the servers controlling the apps were caught pushing AlphaSMS, a well-known app that creates fraudulent text messages.
One key takeaway is that apps need to be vetted and re-vetted more than once. “Enterprise security managers must assume that even very well-designed app-vetting processes will not be able to detect malicious behavior that hasn’t happened yet,” Lookout says. The delay in the bad behavior allowed it to be distributed pretty widely before the problems were detected.
About half of the naughty apps are in Russian, and AlphaSMS is intended to commit SMS fraud in Russia and neighboring countries, including Ukraine, Belarus, Armenia and Kazakhstan, Lookout says.
The folks at Lookout do happen to know a thing or two about hacking phones. In fact, its CEO, John Hering, appeared onstage at D: Dive Into Mobile earlier this week to show AllThingsD’s Liz Gannes just how easy it can be to hack a phone. It certainly doesn’t seem to be getting any harder.