A long time ago, Android was regarded as an unsecured operating system and very susceptible to the virus. This had a real background, since the green robot’s freedom allowed almost any app to be made available in the Play Store, which at the time was still called Android Market. However, Google has been improving the security of its official app store and today it is as secure as its main competitor, the App Store.
But time and again, in its “security rounds,” Google finds and removes hundreds of malicious apps from its collection. Now this was the case. About half a million applications downloaded more than 100 million times through the Play Store were removed because they contained a library of malicious ads that secretly distributed spyware to users and allowed them to perform dangerous actions.
Given that a large percentage of Android applications are free to download, the ads turn out to be used as a source of revenue for developers. To do this, they integrate a library of Android SDK Ads in their applications.
Security researchers at Lookout discovered malicious versions of the Igexin SDK, handled by a Chinese company that instead of connecting the application to the ads, installed spyware on their Android device.
Igexin is designed for developers to deliver targeted ads to their app users, with their eyes on revenue. This seemingly harmless SDK was concealed in the applications in order to pass the security tests of the Play Store.
In addition to collecting user data to target ads based on their interests, it contained integrated applications that communicated with IP addresses responsible for providing malware.
Once the device is infected, the SDK will be able to collect logs with user information, as well as install other plugins remotely, which can record call logs or reveal information about their activities.
No detailed list of affected applications was published, as investigators believe that developers were unaware of such a feat, however, Google has already removed all applications from the Play Store.
Still, it is known that Lookout has identified applications of games, weather, online radio, photo editors, education, health, travel and eventually others. Only the LuckyCash and SelfieCity applications were announced.
It is recommended that users who have downloaded suspicious applications run anti-virus / anti-malware. For future situations, opt-in to Google Play Protect, a Google security tool that looks at apps to install on Android.