A new bit of Android malware has been discovered, and the apps it affected were downloaded millions of times.
Lookout, the mobile security company in San Francisco, announced a few days ago that they had found a serious case of malware infecting multiple Android apps. They estimate, based on Google Play statistics, that between 2-9 million infected apps were downloaded.
Don't panic just yet – while the malware appears to have been installed across 32 applications, the majority were Russian. If you haven't been downloading Russian apps, you are probably safe, but take a look at the list below (from Lookout) to make sure you don't have any of these apps installed.
The malware was designed to run a program called AlphaSMS, which fraudulently forces the user to send expensive text messages to the developer. It also pulls phone number and unique ID number from the phone and transmits them to the phisher. It could be used for much more however, as many of these malware are programmed to check into a server every 4 hours to search for new instructions.
While it isn't clear exactly how this code got into the applications, the developers appeared to have taken a clever approach by creating a legitimate advertising program, then including the malware inside the program in future updates. Some of the applications were created by the malicious developers themselves, but many appear to be created by legitimate developers who were tricked into including the bad code.
Because Android's platform allows for more open development, malware has been a much greater problem than with the Apple's iOS. Hopefully, with experienced groups such as Lookout keeping watch, they can be kept to a minimum.