More than 500 Android apps on the Google Play Store, which have been downloaded 100 million times, are reported to be infected with a malicious ad library that secretly distributes spyware to end users and has been found to perform dangerous operations without the user's knowledge.
These Android apps were found by the folks at Lookout to be using an SDK dubbed Igexin. The SDK offers targeted advertising to app developers, since most of the apps in the Google Play Store are free to download. Igexin has been found to mostly affect these kinds of apps:
- Games targeted at teens with as many as 100 million downloads
- Weather apps with as many as 5 million downloads
- Photo editing apps with 5 million downloads
- Internet radio app with 1 million downloads
- Other apps for education, health and fitness, travel, and emoji.
Designed by a Chinese advertising firm, the Igexin SDK helps app developers serve specifically targeted advertisements to their users to generate revenue for their free-to-download apps. That’s all well and good for free-to-download apps, but Lookout spotted the Igexin SDK communicating with strange IP addresses that deliver malware to users without the app developers knowing what’s happening.
If the device has been infected, Igexin can gather logs of user information and remotely install other plugins on the device that could potentially record call logs or reveal information about the end user.
Google has mostly removed the apps using the Igexin SDK for their targeted advertisements from the Play Store. You can protect yourself, however, with Google’s own Google Play Protect, which comes built in with the upcoming Android Oreo update.