18,000 Android apps contain malicious code that Steals SMS messages

Android logoA Chinese mobile advertising platform is distributing a malicious SDK (Software Development Kit) that helps developers implement in-app purchases (IAPs) for Android apps. This SDK secretly steals all SMS messages that arrive on infected phones.

The SDK is being offered as a free download by Chinese company Taomike, and can be used to allow Android developers to create mobile apps that provide in-app purchases via SMS messages.

According to Palo Alto Networks, the security vendor that discovered the SDK, only recent versions of the SDK seem to contain the SMS stealing functionality. This version was released in August 2015.

Right now, Palo Alto has detected over 63,000 Android apps containing the Taomike SDK, but only 18,000 include the recent malicious version of the SDK.

18,000 Android apps contain malicious code that Steals SMS messages

The developers of these apps are unaware that the library they used to power IAPs is actually stealing SMS messages (text body and sender number) and then uploading them to one of Toamike's servers, more specifically to 112.126.69.51/2c.php.

As Palo Alto staff explains, only this URL is responsible for gathering SMS messages. Tying the URL to Toamike was easy because it was also used to host other API functions.

All affected apps seem to be created only by Chinese developers, and none of them seems to be distributed via Google's official Play Store.

At the moment, Palo Alto has not been able to determine from their analysis what Taomike is using the stolen SMS messages for.

This revelation comes just two days after Apple banned 256 apps from the App Store for including a similar "malicious" API, which was collecting private information from iOS users. This violated Apple's privacy and security policy.

Just like in this case, the API belonged to a Chinese advertising company. The company's name was Youmi.

Source: Softpedia

Tags: Android, security

Comments
Add comment

Your name:
Sign in with:
or
Your comment:


Enter code:

E-mail (not required)
E-mail will not be disclosed to the third party


Last news

 
Is this an error or it is really happening?
 
 
The proposed topic and architecture was originally presented to the JPEG Committee in 2016
 
 
The rest of the specs as seen on Geekbench include 8GB of RAM
 
Samsung is likely to be made official in February at next year's Mobile World Congress in Barcelona
 
Lumia 950 XL shown running Windows 10 on ARM
 
The company has studied such an option in the past
The Samsung Galaxy A5 (2017) Review
The evolution of the successful smartphone, now with a waterproof body and USB Type-C
February 7, 2017 /
Samsung Galaxy TabPro S - a tablet with the Windows-keyboard
The first Windows-tablet with the 12-inch display Super AMOLED
June 7, 2016 /
Keyboards for iOS
Ten iOS keyboards review
July 18, 2015 /
Samsung E1200 Mobile Phone Review
A cheap phone with a good screen
March 8, 2015 / 4
Creative Sound Blaster Z sound card review
Good sound for those who are not satisfied with the onboard solution
September 25, 2014 / 2
Samsung Galaxy Gear: Smartwatch at High Price
The first smartwatch from Samsung - almost a smartphone with a small body
December 19, 2013 /
 
 

News Archive

 
 
SuMoTuWeThFrSa
  12345
6789101112
13141516171819
20212223242526
2728293031  




Poll

Do you use microSD card with your phone?
or leave your own version in comments (10)