18,000 Android apps found with malicious code that steals messages

Researchers from Palo Alto Networks have confirmed that Taomike, a Chinese mobile advertising company, has been distributing a malicious Software Development Kit (SDK) that allows Android developers to implement in-app purchases (IAPs) in Android apps.
The SDK, which can be downloaded for free via Taomike, steals all messages on infected phones and sends them to the Taomike-controlled server.
The SDK is being offered as a free download by Chinese company Taomike, and can be used to allow Android developers to create mobile apps that provide in-app purchases via SMS messages.
Palo Alto Networks stated in a blog post that since August 1, Palo Alto Networks WildFire has captured over 18,000 Android apps that contain the library. These apps are not hosted in the Google Play store, but are distributed via third-party distribution mechanisms in China.
Taomike provides the SDK and services to help developers display rich advertisements with a high pay rate. Although it has not previously been associated with malicious activity, a recent update to its software added SMS theft functionality.
According to a report published in MNR Daily, there has been an increase in the number of cases of Chinese advertising companies developing malicious SDKs and APIs that developers then use to build their own apps.
Apps built using the malicious SDKs and APIs have been found to steal private information and data from the handsets on which they are installed.
They have been providing data, including device login and password details, to the companies that developed the SDKs and APIs.
“Among these malware, we have found many that are created by ‘mobile monetization’ companies who distribute apps that provide little value but have a high cost to the user. These apps are often installed by tricking users into clicking a pop-up, only to find later that a charge has appeared on their phone bill,” they added.
The researchers suggested that developers who incorporate the libraries into their apps need to test them carefully and monitor for any abnormal activity.

“Identifying monetization and advertising platforms that behave poorly and abuse their users is something that our industry must do to ensure the safety of all mobile devices and their users,” they concluded.
