August 22, 2017

500 Android Apps with 100 Million+ Downloads Found to Contain Spyware

Over 500 Android apps, which have been collectively downloaded some 100 million times from the Google Play store, could have been hijacked to clandestinely distribute spyware due to a malicious advertising SDK (software development kit).

Security researchers at Lookout have discovered a rogue SDK called Igexin which can be compromised for malicious activity. Mobile applications, particularly freeware, frequently use advertising SDKs to deliver ads to their customers using established advertising networks as a means toward revenue. In this case, several app developers unknowingly deployed Igexin, an SDK that has been exploited previously for malicious activity.

Igexin, which is of Chinese origin, promotes services that claim to use data about people for advertising purposes. The SDK uses details such as interests, occupation, income and location for the benefit of advertising.

Lookout researchers provided details of two infected apps: a photography Android app called SelfieCity, which has been downloaded over five million times, and another app called LuckyCash, downloaded over a million times. Other unnamed infected apps include a teenager-targeted game with over 50 million downloads. A weather app and a photo app each had between one million and five million downloads.

Other infected apps included a number of educational, travel, health and fitness, emoji, home video camera and other apps. Altogether, the ad network had the potential to infect over 100 million Android phones, turning them into malicious spying devices.

“It is becoming increasingly common for innovative malware authors to attempt to evade detection by submitting innocuous apps to trusted app stores, then at a later time, downloading malicious code from a remote server,” wrote Lookout researchers. “Igexin is somewhat unique because the app developers themselves are not creating the malicious functionality – nor are they in control or even aware of the malicious payload that may subsequently execute.”

Google has since removed the malicious applications from the Play Store, or replaced them with updated versions without the rogue spyware.


About the author


LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.
