Google Play is no stranger to dodgy apps, unfortunately, and while some of them are actually kinda funny (Garage Band for Android springs to mind), others are out to cause some serious smartphone-based harm.
Alas, it’s very much the latter case with something called BadNews, a strain of malware that’s been downloaded as many as nine million times.
That’s the story according to a post on The Lookout Blog, with the security chaps identifying BadNews in 32 apps across four developer accounts.
Google Play download stats suggest the apps have been downloaded between two and nine million times combined.
Lookout confirms that the offending BadNews-infected apps have been removed, and the associated developer accounts suspended pending further investigation.
The majority of the offending apps appear to be in Russian, with premium rate fraudster AlphaSMS – touted through aggressive BadNews advertising – playing a key role.
In some cases, malicious download links masquerade as critical updates for legitimate apps such as Skype, while sensitive information including phone numbers and IMEIs are also at risk.
Lookout recommends unchecking the ‘Unknown sources’ box, and – of course – downloading security software like, er, Lookout.
Be careful out there, kids.