Lyjotoblog

An advertising software development kit (SDK) embedded in many legitimate apps has been secretly siphoning user data and sending it to the servers of a Chinese company.

Developed by Chinese firm Igexin, the advertising SDK was found in over 500 apps that were uploaded on the official Google Play Store and had been downloaded over 100 million times across the Android ecosystem.

Investigation started after noticing suspicious API requests

Researchers say they got on the trail of the Igexin SDK after they noticed that known malware samples were being downloaded on clean smartphones after the device made a request to the Igexin API server.
Following months of investigation, researchers from mobile security firm Lookout discovered that Igexin developers were using SDK legitimate functions to send malicious commands to legitimate apps.

Based on the permissions the legitimate apps received from users during installation, Lookout says it observed the SDK collecting all sorts of data from users' devices, but mostly call logs.

In addition, the SDK also forcibly downloaded and ran code contained in large encrypted files. This code aided the malicious behavior.
<--More -->