Affected apps downloaded between two and nine million times.
BadNews, a new malware family identified by mobile security firm Lookout, has been found in 32 apps from four different developers in the Google Play Store.
Masquerading as an aggressive, albeit innocent ad network, BadNews utilises its ability to trigger application installation prompts and display fake new messages to push out other types of monetisation malware and promote affiliated applications.
The combined affected apps have been downloaded between two million and nine million times, according to Google Play statistics. And, while not all earlier versions of these apps contain malicious code, BadNews poses a serious risk to a significant number of users.
It is also capable of leaking personal information, such as the user’s phone number and device identifiers, including the IMEI.
So, if you’re an Android user, you’d be well advised to use discretion when downloading your apps, and make sure you only download apps from trusted developers. User’s are also encouraged to check permissions to verify the app’s functionality does as it says.