According to Google Play statistics, the malware has been downloaded millions of times and can be found in 32 apps across four different developer accounts.
Marc Rogers, Principal Security Researcher at Lookout, wrote on the blog to say, "We have notified Google and they promptly removed all apps and suspended the associated developer accounts pending further investigation.
The Android malware poses as advertisements with the ability to, "send fake news messages, prompt users to install applications and sends sensitive information such as the phone number and device ID to its Command and Control (C&C) server," Lookout states.
About half of the infected apps are in Russian and BadNews was recorded as sending AlphaSMS, premium rate SMS fraud in the Russian Federation, to infected devices.
The servers have been noted in Russia, Ukraine, and one in Germany. Lookout inform Android users to make sure the Android system setting 'nknown sources' is unchecked to prevent dropped or drive-by-download app installs and to download a mobile security app, like Lookout's.
A recent annual report, published by mobile security company NQ Mobile, has estimated that Android Malware has more than doubled worldwide last year with nearly 33 million devices infected, from 11 million in 2011.