Google Android users and the app store were hit with a BadNews Bug yesterday. Security technicians found 32 apps on Google Play that harbored the bug.
A BadNews Bug typically steals a user's cash by racking up charges from sending premium rate text messages. The security firm Lookout uncovered the malware and said it had lain dormant in users' phone for weeks before becoming active. The 32 apps were available through four separate developer accounts on Google Play.
The bug targeted people in Russia, Ukraine, Belarus and other countries in eastern Europe. The bug was placed inside recipe generators, wallpaper apps, games and pornographic apps.
Lookout said the bug appeared to look like an "innocent, if somewhat aggressive, advertising network".
The bug became active when it pushed a malicious program called AlphaSMS. This program was labeled as an essential update for either Skype or Russian social network Vkontakte. It then stole credit by sending text messages to premium rate numbers that charge for each text sent.
According to Google Play statistics, the combined affected applications have been downloaded between 2,000,000 - 9,000,000 times.
"It is not clear whether some or all of these apps were launched with the explicit intent of hosting BadNews or whether legitimate developers were duped into installing a malicious advertising network," Lookout wrote in a blog p...