August 22, 2017 by

500 Android Apps with 100 Million+ Downloads Found to Contain Spyware

Over 500 Android apps, which have been collectively downloaded some 100 million times from the Google Play store, could have been hijacked to clandestinely distribute spyware due to a malicious advertising SDK (software development kit).

Security researchers at Lookout have discovered a rogue SDK called Igexin which can be compromised for malicious activity. Mobile applications, particularly freeware, frequently use advertising SDKs to deliver ads to their customers using established advertising networks as a means toward revenue. In this case, several app developers unknowingly deployed Igexin, an SDK that has been exploited previously for malicious activity.

Igexin, which is of Chinese origin, promotes services that claim to use data about people for advertising purposes. The SDK uses details such as interests, occupation, income and location for the benefit of advertising.

Lookout researchers provided details of two infected apps: a photography Android app called SelfieCity, which has been downloaded over five million times, and another app called LuckyCash, downloaded over a million times. Other unnamed infected apps include a teenager-targeted game with over 50 million downloads. A weather app and a photo app each had between one million and five million downloads.

Other infected apps included a number of educational, travel, health and fitness, emoji, home video camera and other apps. Altogether, the ad network had the potential to infect over 100 million Android phones, turning them into malicious spying devices.

“It is becoming increasingly common for innovative malware authors to attempt to evade detection by submitting innocuous apps to trusted app stores, then at a later time, downloading malicious code from a remote server,” wrote Lookout researchers. “Igexin is somewhat unique because the app developers themselves are not creating the malicious functionality – nor are they in control or even aware of the malicious payload that may subsequently execute.”

Google has since removed the malicious applications from the Play Store, or replaced them with updated versions without the rogue spyware.
