A malware family called BadNews has been discovered by Lookout Security in Google Play developer accounts. BadNews avoided detection, made its way onto the Google Play store, and has been downloaded between 2 and 9 million times, according to Lookout.
Google was notified of the outbreak and all affected apps have been removed from the Android store. Lookout found 32 applications that contained code from the malware's software development kit, which disguised itself as a standard advertising network SDK.
According to Lookout’s blog post, “it is not clear whether some or all of these apps were launched with the explicit intent of hosting BadNews or whether legitimate developers were duped into installing a malicious advertising network.”
Lookout is advising developers to do two simple things. First, developers need to pay very close attention to any third-party libraries they include in their applications. Unsafe libraries can put their users and reputation at risk. Second, enterprise security managers must assume that even very well-designed app-vetting processes will not be able to detect malicious behavior that hasn't happened yet. Ongoing security monitoring is important to detect malicious behavior that happens some time after an app's initial evaluation.