Feeds

'BadNews is malware' says outfit that found it

Google says code harmless but Lookout says code base is evolving

The Power of One eBook: Top reasons to choose HP BladeSystem

The BadNews malware debate continues to be batted back and forth, with Lookout, the company that first raised the alarm, maintaining that it is malware in the face of Google's assertion last week that it had seen no malicious activity associated with apps carrying the malware.

In conversation with The Register, Lookout's security product manager Jeremy Linden said the company not only remains confident that BadNews is malware, but that the security vendor is seeing “evolution of the code base”.

When BadNews was discovered, Lookout said it was present in 32 apps on Google Play which, combined, had been downloaded millions of times.

Last week, Google told a security conference “it had no evidence that BadNews was playing a part in the distribution of SMS-borne frauds”, adding that “we haven't seen a single instance of abusive SMS applications being downloaded as a result of BadNews”.

Linden has now told The Register that “Our analysis confirms that BadNews does prompt the user to install a malware application,” but that it was written “to avoid detection”. It remains quiet most of the time, he said, only becoming active for a few minutes at a time.

“There's a high possibility that Google hasn't seen it sending malware,” Linden told The Register. “We have systems that act like they're infected clients, so they can sit on the malware networks and log malicious traffic.

“We are still seeing traffic from BadNews and we're seeing an evolution of the code base.”

He said that BadNews' operators are “adding features” to increase the malicious activity of the malware, and said Lookout believes “the same developers are behind other explicitly malicious code.”

The Register invited Google to provide comment for this story, but has received no response. ®

The Power of One eBook: Top reasons to choose HP BladeSystem

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
BMW's ConnectedDrive falls over, bosses blame upgrade snafu
Traffic flows up 20% as motorway middle lanes miraculously unclog
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.