Google Play apps spread malware through advertising SDK

Through the use of an advertising software development kit contained in 500 apps on the Google Play Store, cybercriminals were able to spy on users and even infect their mobile devices with malware.

That's according to security firm Lookout, which discovered that the Android apps in question all had the lgexin ad SDK built into them which gave unauthorized third parties access to user devices.

The apps themselves also managed to be downloaded over 100 million times from the Google Play Store as many of them fell into popular categories such as weather, health and fitness, travel and games.

However, the app developers were likely not responsible for the malware added by the cybercriminals and this is not the first time that hackers have used an SDK to deliver a malicious payload.

Lookout researchers offered further details on why the developers were likely unaware that their apps contained malware at all, saying:

"It is likely many app developers were not aware of the personal information that could be exfiltrated from their customers' devices as a result of embedding Igexin's ad SDK. It required deep analysis of the apps' and ad SDK's behavior by our researchers to make this discovery. Not only is the functionality not immediately obvious, it could be altered at any time on the remote server."

In an attempt to prevent apps from being able to deliver malware to mobile devices, Google recently introduced Google Play Protect which will be built into the latest version of its mobile OS, Android O.

Lookout has informed Google of its discover and all of the affected apps have now been removed from the Play Store.

Published under license from ITProPortal.com, a Future plc Publication. All rights reserved.

Photo Credit: fatmawati achmad zaenuri/Shutterstock