Recently, the cyber-security firm Lookout reported that it had found more than 500 Android mobile apps available in the Google Play Store, lately updated or removed, that could be used to spy on users through a malicious advertising software development kit (SDK). This advertising SDK is from a Chinese company known as Igexin. The software might have been downloaded more than 100 million times across the global Android ecosystem.
According to Lookout, “Igexin is somewhat unique because the app developers themselves are not creating the malicious functionality — nor are they in control or even aware of the malicious payload that may subsequently execute.”
The malware seems to target apps that would be popular with teenagers, a demographic which, as it turns out, was responsible for about 50 million of the total downloads. These apps include photo editors, internet radio and weather apps. Apps from various other categories also seem to be affected, including home video, travel, health and fitness, educational, and emoji.
The security firm also comments that some of the popular apps include SelfieCity (which has been downloaded more than 5 million times) and Luck Cash (which has been downloaded more than a million times). Since the discovery, of course, both of these apps have been purged and are now safe to download from the Google Play Store.
In an email to Ars Technica, Google said, “We’ve taken action on these apps in Play, and automatically secured previously downloaded versions of them as well. We appreciate contributions from the research community that help keep Android safe.”
Even with today's heavy focus on security, malware-infected apps still manage to get through Google’s defense systems, using one of a few somewhat complicated techniques.
At the end of the day, the Security Intelligence team at Lookout commented, “While not all of these applications have been confirmed to download the malicious spying capability, Igexin could have introduced that functionality at their convenience,” adding that this is “becoming increasingly common for innovative malware authors to attempt to evade detection by submitting innocuous apps to trusted app stores, then at a later time, downloading malicious code from a remote server.”