Google mass-culls apps after malware found in Play Store

Isaac Cain
August 24, 2017

According to ZDNet, the apps were "collectively downloaded over 100 million times from the Google Play store", and "could have been used to secretly distribute spyware to users, thanks to a malicious advertising SDK (software development kit)". There was a weather app, for example, that was downloaded millions of times and an internet radio app with similar download ratings.

Developers of numerous affected apps were "likely... not aware of the personal information that could be exfiltrated from their customers' devices as a result of embedding Igexin's ad SDK", Lookout said. In spite of the offending Android applications being removed, a lot of the users that downloaded the malicious applications are not likely to be aware they were potentially at risk even considering applications do not have a sort of recall facility to them and developers have to hope users follow their instructions which is the updating of applications.

Last week, the Google Play store also removed the app for free speech social network Gab, which had already been up for several months, citing "hate speech" on the platform.

"Instead, the invasive activity initiates from an Igexin-controlled server".

Infected apps still pass through Google's system despite the preventive measures they make, as these apps often have various obfuscation techniques to bypass these checkpoints. Though it is not unusual for apps to connect with outside servers, what alerted the researchers was when they found that an app appeared to be "downloading large, encrypted files" from those servers.

More news: Naked, intoxicated ESPN Radio host arrested for criminal trespassing

Advertising SDKs are used to help developers deliver targeted ads to customers.

Lookout researchers also recently identified more than 1,000 spyware-infested apps capable of recording audio and snooping on call logs, contacts, and more.

The researchers noticed that malware was being found on newly reset phones after they had made contact with Igexin's servers. The number reached over 500 Android apps with a combined 100 million downloads.

In an e-mail to Ars Technica, a Google spokesman said: "We've taken action on these apps in Play, and automatically secured previously downloaded versions of them as well".

Other reports by LeisureTravelAid

Discuss This Article