Google has removed from its official download center for Android devices, Google Play , 32 virus-infected apps BadNews, as recorded by the Internet User Security Bureau on its website . Of all the “apps” polluted, 50% were configured, although it is possible that some of the programmed in English may have affected Spanish users.The complete list is here .
Among other things BadNews is able to send messages with false news and trick users into installing other applications infected, and send sensitive data such as your phone number or the device ID to its central server. It also uses AlphaSMS, one of the malware known text messages.
According to statistics from Google Play, infected applications recorded between two and nine million downloads. In addition to eliminating them, Google has canceled the accounts of the developers involved waiting for more information.
A delayed effects virus
BadNews has been a before and after in the advancement of mobile malware. As explained Lookout Security since its official blog, the virus exploits even filtering processes are more sophisticated apps conclude that a malicious application is not incurred unless malicious behavior before testing.
Instead, the creators of BadNews succeeded in evading the security filters Google Play programming for infected applications acted not until later that the users had installed on their devices.
BadNews has reached such a wide distribution precisely because the idea of using a server to delay its effects. Used as a front an advertising network which was responsible for introducing the malware infected devices time after the app was analyzed.
The Lookout antivirus creators think that, from now on, developers and security managers must, first, pay more attention to the third-party code libraries to include in their applications so that they are infected, and secondly , designing filtering processes on these applications that perform continuous monitoring, can detect malicious behavior at any time.