Chinese Advertising SDK Found in Hundreds of Apps Stealing Data


Smartphone users, beware: many legitimate apps have been found to contain an advertising software development kit (SDK) that secretly collects user data and sends what it finds to the servers of a Chinese company.

The SDK is developed by the Chinese firm Igexin and can be found in more than 500 apps available on the official Google Play Store, which have reportedly been downloaded over 100 million times.

The investigation began after suspicious API requests were noticed. According to the researchers, they got on the trail of the Igexin SDK by spotting a pattern: known malware samples were reportedly being downloaded onto clean smartphones after the device made a request to the Igexin API server.

After several months of investigation, researchers at the mobile security firm Lookout found that Igexin's developers were using the SDK's legitimate functions to send malicious commands to legitimate apps.

By examining the permissions that the legitimate apps asked users to grant during installation, the Lookout researchers deduced that the SDK was able to collect various kinds of data from the devices, above all call logs.

Not only that, but the SDK also downloaded and ran code contained in large encrypted files without the users' permission. This code supported the malicious conduct.

Once the researchers had this information, they contacted Google and the developers of the legitimate apps that contained the Igexin SDK, which was being used to simplify the delivery of ads.

Until the app developers are able to issue updates for their apps, Google has taken steps to disable the malicious versions of the apps in question.

The researchers did not want to name the exact apps that contained the Igexin SDK, since they do not think the developers are at fault. Nonetheless, they provided a generic list of the kinds of apps in which they found it.

  • Photo editors (1M-5M downloads)
  • Weather apps (one with 1M-5M downloads)
  • Games targeted at teens (one with 50M-100M downloads)
  • Internet radio (500K-1M downloads)
  • Educational, health and fitness, travel, emoji, and home video camera apps

Just last year, researchers from Kryptowire found that Adups, a Chinese firmware developer, had included malicious code in the firmware it delivered to Android phone makers.

This malicious code would gather a vast number of user details and send the collected data back to servers located in China. The devices affected were mostly low-priced Android models, such as BLU devices and even Barnes & Noble NOOK tablets.

Earlier in the month, Adups claimed to have stopped the data collection, but experts do not believe the company.