14 DAY TRIAL // Security company Lookout discovered that no less than 500 Android apps that were published in the Google Play Store integrated an advertising software development kit called Igexin allowing cybercriminals to deploy malware and spy on users.
Lookout explains that these apps, whose names were not revealed, surpassed 100 million downloads in the Google Play Store and were part of very popular categories, like games targeted at teens, weather apps, Internet radio, photo editors, educational, health and fitness, travel, and emoji.
Google has already removed the apps from the Play store, which means that users are secure at this point, while those who have already installed apps that looks suspicious and which could be infected with the said malware are recommended to scan their devices with dedicated security software.
Not all versions of the SDK compromised
Using an SDK to compromise Android devices is a new tactic that allows cybercriminals to deploy malware on phones and tablets using an otherwise clean app, with Lookout noting that Igexin would provide spying capability. App developers aren’t the ones to blame for the malware, Lookout emphasized, and they are not in control, and sometimes aware, of the malicious payload that’s being deployed with their apps.
“It is likely many app developers were not aware of the personal information that could be exfiltrated from their customers' devices as a result of embedding Igexin's ad SDK. It required deep analysis of the apps' and ad SDK's behavior by our researchers to make this discovery. Not only is the functionality not immediately obvious, it could be altered at any time on the remote server,” Lookout researchers noted.
For what it’s worth, Google isn’t only trying to keep infected apps away from the Play Store, but the company is also working on new security solutions for Android devices.
More recently, the company introduced Google Play Protect, a new security solution for Android devices that automatically scan applications before they are being installed. This means that infected apps that do reach the Play Store somehow won’t be able to reach your device as well, with Google promising to scan billion of apps daily and use cloud power to block malware.