New 'BadNews' Bug Found on Google Play Store

If you're an Android user, take note: security experts have discovered more than thirty applications on Google Play that contain malicious software known as BadNews.

BadNews is just that: when installed on smartphones -- like Samsung's Galaxy phone or the LG Optimus -- the software racks up charges by repeatedly sending expensive text messages.

BadNews is also very hard to detect: according to security experts, it can remain dormant on a device for weeks without affecting performance.

Two to Nine Million Downloads So Far

It's not clear how many apps containing the BadNews have been downloaded. Insiders estimate that the number could be anywhere between two million and nine million copies of various Google Play applications.

BadNews can be found in a wide range of Google Play apps. Security firm Lookout says that it discovered BadNews in cooking apps, home improvement apps, and games. Unsurprisingly, apps featuring adult content were also infected by BadNews.

TechCrunch reports that the most popular BadNews-infected app is "Savage Knife," a game that mimics the intense "5 Finger Filet" game seen in movies like Aliens.

It's estimated that Savage Knife has been installed on between one and five million systems so far. (Source: techcrunch.com)

All in all, about 32 different Google Play applications have been identified as infected with BadNews.

Watch Out for Aggressive Advertising

How do you figure out if your Android device has been infected? Detecting BadNews can be difficult. According to Lookout, BadNews acts like an "innocent, if somewhat aggressive, advertising network." (Source: bbc.co.uk)

This means that if you start receiving information about other applications, be wary. There's a good chance BadNews is on your system and is using this method to install more malicious apps on your device.

Once installed, BadNews connects to a command and control server. From there, it can acquire a more devious version of BadNews known as AlphaSMS.

Systems infected with AlphaSMS reportedly steal from victims by sending text messages using premium rate numbers.

The good news: so far, most of the BadNews activity has been limited to Eastern Europe.