Chinese ad platform secretly stole phone data from Android devices
A popular Chinese advertising software development kit, used on over 500 Google Play apps with millions of downloads each, spied on unsuspecting users and developers and secretly took data including GPS data, device identifiers and call logs. Investigating suspicious traffic during a review of apps that communicate with IPs and servers that have a history of serving malware, researchers from mobile security company Lookout saw an app downloading large, encrypted files after requests to an endpoint used by the Igexin ad software development kit, behavior typical of malware acting after a temporarily clean app installation. “It is becoming increasingly common for innovative malware authors to attempt to evade detection by submitting innocuous apps to trusted app stores, then at a later time, downloading malicious code from a remote server,” the researchers wrote. “Igexin is somewhat unique because the app developers themselves are not creating the malicious functionality – nor are they […]
The post Chinese ad platform secretly stole phone data from Android devices appeared first on Cyberscoop.
Continue reading Chinese ad platform secretly stole phone data from Android devices