Security personnel have identified 32 separate apps on Google Play that have a bug called BadNews.
BadNews stole cash by racking up charges from sending premium rate text messages. The bug was undetected until recently when security firm, Lookout uncovered the bug.
The malware targeted Android users and infected Russia, Ukraine, Belarus and other countries in Eastern Europe.
While the exact number of victims are yet to be released from Lookout however, the bug seems to have infected two to nine million different phones.
Lookout stated that BadNews was acting as an “innocent, if somewhat aggressive advertising network,” and was out sending users info to third parties. Users were tricked into installing AlphaSMS as it was labelled an essential update.
While Lookout is still researching the bug it seems that half of the 32 apps seeded with BadNews were Russian.