Share this Story

Lookout Discovers New BadNews Malware Family, Infected 32 Different Apps on Google Play


Today, Lookout is reporting that they have found a new family of malware that has been running rampant throughout Google Play called, BadNews. BadNews was found on a total of 32 applications on Google Play and through statistics, is said to have been downloaded roughly 2 million to 9 million times. 

Lookout brought this to the attention of Google and the company immediately removed the infected apps and have suspended the developer accounts associated with them.

BadNews masquerades as an innocent, if somewhat aggressive advertising network. However, it has the ability to send fake news messages, prompt users to install applications and sends sensitive information such as the phone number and device ID to its Command and Control (C&C) server. BadNews uses its ability to display fake news messages in order to push out other types of monetization malware and promote affiliated apps.

During our investigation we caught BadNews pushing AlphaSMS, well known premium rate SMS fraud malware, to infected devices.

Naturally, users who currently have the Lookout application installed on their device are safe from this threat.

Via: Lookout

  • KRS_Won

    APP NAMES: … Greemlin Holiday, Stupid Birds…
    APP TYPE: … Salad, Russian Mushroom …
    PACKAGE NAME: … air.butt.Rus. , air.butt.sex …


  • Justin

    Calling frank stallone, paging frank stallone….

  • The last line – “Naturally, users who currently have the Lookout application installed on their device are safe from this threat” – makes/paints this entire post (as) a ‘promoted’ post.

  • Lmfao at the Russian mushrooms app

  • Tim242

    Lookout is a scam in and of itself.

  • Sherri Felix

    Type of app: Russian Mushrooms….????? Is that really a “thing”? Games….yes. Recipes….OK….Sex app…..not for me, but OK….Russian Mushrooms???????

  • PhoenixPath

    Guys, don’t *ADD* to the sensationalism,…

    32 of nearly a million does not equate to “running rampant” by any stretch of the imagination….and I would seriously question that 2mil to 9mil downloads number.

    281 thousand downloads per app….?

    Yeah. Sure. Look at the app names in the attached image from lookout…laughable.

  • umataro42

    I wonder if Stupid Birds is an Angry Birds copy. Too bad its malware loaded, I like the name. Looks like they’re all from Russia (or countries that use the language).

  • BrianCherry

    I think Google should just buy Lookout, implement it into Android and Google Play security and call it a day.

  • Loc-Nar

    Oh yet again, well sure! If we count the russian federatioan and other 3rd world areas then it just makes sense…. How many of these were US originated apps? How many required the user to be stupid to install? Move along … Move Along …

    • PhoenixPath

      Yeah, but you know the Apple and WinMo faithful will jump all over this screaming “Android is doomed! Flee while you still can!”


      This would be a non issue if it wasn’t for the PR these crap-throwing monkeys are going to spread. Google needs to crack down on this BS…and right-quick.

  • DiegoKokomo

    Speak for yourself…I’d download the 2nd down 2nd over right now if I knew what it was called despite knowing it’s full of malware!

    • PhoenixPath

      Note to self: Diego never gets to touch any mobile device I use. 😛

      • DiegoKokomo

        Lame, what if I promise to get you in touch with a very rich Nigerian prince in exchange?

        • PhoenixPath

          Nope. They can’t touch my mobile devices either.

    • duke69111

      What does it for ya, the naked woman or the two strands of wheat in-front of her? 🙂

  • DiegoKokomo

    Speak for yourself…I’d download the 2nd down 2nd over right now if I knew what it was called despite knowing it’s full of malware!

  • EvanTheGamer

    lol….it’s funny ’cause each of those apps are as lame as the BadNews malware itself. Who in their right mind would download such apps anyways? Oh right…n00bs, tools, and idiots.

  • Granted

    Good job providing a list of the infected applications, it sure was helpful.

    • sirmeili

      Not sure if you’re being sarcastic or not, but they are clearly listed on the source article over at Lookout.

      • PhoenixPath

        Did you get a load of the app names? It’s a joke. Lookout is quickly losing any credibility it may have had…

        Note to anyone with a brain: Dodgy looking Russian apps are *BAD*.

        (It is astonishing that, in this day and age, anyone would actually not know this…)

        No Hope for the Human Race.

        • sirmeili

          Yeah…..Not saying it’s not a joke, just saying perhaps Granted shouldn’t be complaining that there isn’t a list of infected apps, when you can click the source link and find them.

          It would be interesting to see the demographics of who downloaded them though (geographic location mostly). I wonder if it was mostly Russian Users

          • PhoenixPath

            Wouldn’t surprise me… I still cannot believe Google doesn’t have some kind of fingerprinting to keep apps with this kind of malware crap off the store though.

            All this amounts to is more fodder for the Apple/WinMo faithful to start their “Infected! Unclean!” mantra up all over again.

          • sirmeili

            Eh….let them. I’m smart enough not to download that stuff. Even my mom doesn’t download that stuff on her tablet. She’s happy with the browser and that’s about it.

  • TheWenger

    Rampant….I am fearful, uncertain, and doubtful. It’s a good thing Lookout will sell me exactly what I need to take care of this rampant threat.

    • PhoenixPath


      32 apps among over a million? All dodgy-looking russian knock-off apps?

      Yeah…rampant. Like mushrooms in the desert…

      • Rob

        I read that as completely flat and sarcastic.

        • PhoenixPath

          Sarcasm begets sarcasm. I was agreeing with the OP….

          Unless you read my post as flat and sarcastic? In which case..

          Flat?!?!?1 Never!

  • Ryan Frankenstein

    I believe the above response has been stated enough. Obviously if their are numerous apps in the actually Google Play Store that are infected……Google needs to get off their arse and clean this mess up.

  • Rodney A.

    Is it possible to list the 32 apps that were affected?

    • duke69111

      Click the source link.

    • Daniel

      Here’s the list, seems most are random Russian apps so I’d bet most of us are safe without having Lookout installed:

      • Granted

        Thanks Daniel, you were way more helpful than the damn article. I didn’t for a second think that I had ever installed any of these infected applications, because I’m extremely strict when it comes to app permissions. But, I still like to see the application names for reference.

        • EvanTheGamer

          It’s called “clicking” on the “Lookout” link which brings you to the article with the list of apps. But I guess most are lazy and don’t want to take literally a second to click on something.

          • Someone is having a rough Friday 🙁

          • PhoenixPath

            2 ft of snow.

            On April 19th.

            Tough Friday?

            Screw that…Someone needs to remind April what the hell part of the year it falls in.

            /random rant

          • EvanTheGamer


          • EvanTheGamer

            Hey…just telling it like it is.

            Also, earlier I had a headache the size of Texas so yeah, was sorta having a rough Friday.