More than 500 Android apps spyware that 100 million users have downloaded from the official Google Play Store. Those apps are revealed to be infected with a malicious ad library. That library spreads spyware to users and can execute critical actions. As the malware is becoming more sophisticated with every passing day, the need of a VPN service is increasing as well. If you are looking for a reliable VPN check out these two of the best VPN services; NordVPN and ExpressVPN.
Malware- Igexin Software Development Kit (SDK):
Most of the Android apps are available to download for free via Google Play Store. Therefore app developers consider advertising is the main source to generate revenue. In this regard, they attach Android SDK Ads library with their apps. It generally does not have any effect on the core functions of the app.
Recently a mobile security firm ‘Lookout’has discovered a software development kit (SDK), copied Igexin. It was found transferring spyware on Android devices.
Objectives Of the SDK Malware:
A Chinese company developed this to propose targeted advertising services to app developers. The rogue ‘Igexin’ advertising software was found to be in more than 500 apps on Google’s official marketplace, most of which had:
- Games targeted at teens with as many as 100 million downloads
- Weather apps with as many as 5 million downloads
- Photo editor apps with 5 Million downloads
- Internet radio app with 1 million downloads
- Other apps targeted at education, health and fitness, travel, and emoji
Why Chinese Company Developed The Malware?
The Igexin SDK sole purpose was to provide targeted advertisements to its users and to make money. Therefore, the SDK takes user information as well to utilize it further for targeting interest-based ads.
“We observed an app downloading large, encrypted files after making a series of initial requests to a REST API at http://sdk[.]open[.]phone[.]igexin.com/api.php, which is an endpoint used by the Igexin ad SDK,” the researchers explain in a blog post.
“This sort of traffic is often the result of malware that downloads and executes code after an initially “clean” app is installed, in order to evade detection.”
When the malware is transferred to infected devices; the SDK is capable enough to collect logs of users data from their device. Additionally, it could install various plugins to the devices independently. Therefore it could tap call logs or get to know information about users activities.
How Can the Users Protect Their Device:
- The goods news is that Google has removed all the Android apps using the rogue SDK from its Play Store marketplace. But those users have installed such apps on their device, need to have Google Play Protect.Google has recently launched a security feature Play Protect. It uses machine learning and app usage analysis to uninstall malicious apps from users Android smartphones to avoid further damage.
- We recommend you to always have a good antivirus application installed on your device; through which u can get to know malicious apps and block them. So they couldn’t infect your device,
- Your device should always be up-to-date.
- Android malware continues to evolve with more sophisticated and never-seen-before capabilities with every passing day.
