Badnews is an example of Android malware that easily slipped past Google's anti malware software, posing as an ad network for developers. Developers would make their apps, and they could put ads in their apps to make money. Badnews offered to put ads in apps for developers. Unfortunately, that's not all it did.
The ad network being used by apps would then do some very upsetting things. First, it would send the user's phone number back to their servers, along with the IMEI, the unique phone identifier for the phone. Secondly, it would post advertisements and popup alerts for other malware apps, hoping to infect users in multiple ways.
Between 2 million and 9 million have been infected.
Unless you're translating this post into Russian, you probably didn't get infected. The ad network was used primarily in Russian language apps. Whether or not the developers of those apps intentionally used Badnews to spread malware, or if they simply made the wrong choice for ad provider is unknown.
However, this is a new and clever method for spreading malware. By doing it this way, users could be infected without ever downloading an app that looked questionable. It could be a perfectly normal app that simply offered ads, something very common on Android. Since many Android users are unwilling to pay for apps, displaying ads is a primary method for making money. An ad network that spreads malware would go unnoticed for a long time. Long enough to infect millions, apparently.
The malware wasn't found by Google, but Lookout, a security firm. It leaves little faith for Google's ability to protect their users from malware. Of course, many security flaws are pointed out by third parties, but normally this isn't after the attacker was able to infect millions.
via TechCrunch
0 comments:
Post a Comment