Now it appears that a particularly nasty bit of malware has been downloaded millions of times from Google’s own Play Store. It seems to have been included in a number of Russian clone apps, the sort of stuff most users don’t download, but it still managed to end up on millions of devices, reports Tech Crunch.
Dubbed BadNews, the code was distributed through 32 different apps uploaded using four developer accounts. It is unclear how many devices were affected, but security researchers put the figure at two to nine million. BadNews fakes alerts and encourages users to download other infected apps, including costly premium SMS scam apps. It also scoops up the infected device’s IMEI and sends it back to its masters.
Google has already pulled the affected apps but the damage has been done. It is estimated that half of the infected users hail from Russia, which is slowly becoming malware central in the Android world. Since Russian authorities are preoccupied with arresting and prosecuting female punk bands, the situation probably won’t improve anytime soon.