The security company Lookout has discovered at least 500 applications Androids that were released through the Google Play Store and featured Igexin, a software development kit. The SDK allowed fraudsters to develop malicious preletterto spy on users.
Lookout explains that these apps, whose names did not reveal, exceeded 100 millions of downloads in the Google Play Store and were among the most popular categories, such as adolescent games, weather apps, Internet radios, photo editors, travel applications and emoji.
Google seems to have already removed these apps from the Play Store, which means that there is no longer any risk (from this software). Those who have installed apps that seem suspicious should scan their devices with some reliable security software.
Using an SDK to serve malicious apps to Android devices is a new tactic that allows maliciousdevelopers to develop malware on phones and tablets using “clean apps.”
Lookout reports that the Igexin SDK provides capabilities espionageand that the developers may not have known about it.
“It's likely that many app developers were unaware that their app was leaking personal information from their customers' devices as a result of integrating Igexin's ad SDK. It took a deep analysis of the behavior of the apps and the SDK from them researchers μας για να γίνει αυτή η discovery. The functionality is not only obvious, but can be modified at any time from a remote server,” Lookout researchers report.