Google Play, the main app source for Android users, was recently under attack by malware developers. Based on security research done by "Lookout," Google had to remove over 500 Android apps, which together had been downloaded over 100 million times. The culprit was identified as a software development kit (SDK) whose source is a Chinese advertising developer, "Igexin." Lookout estimated that most app developers were not even aware that the SDK they used had been secretly loaded with spyware able to collect almost any kind of data available on an infected mobile device.
Most of the infected apps aimed at younger users
Android is currently the most used mobile device platform, and as a result it is of great interest not only to advertisers but also to hackers and malware developers. Google is constantly under pressure to take action against malware being spread through Google Play. Recently it had to remove two spyware apps, one called "system update" and the other a variation of the "SonicSpy" malware. This time around it had to take much wider action because of the number of affected apps and the immense number of downloads those apps had.
Developers of free apps almost always include an SDK that delivers a wide spectrum of ads to their users, which generates revenue for the developers.
Integrating an advertising SDK library is not supposed to affect the core functionality of an app. The Igexin SDK is supposed to deliver targeted, interest-based advertisements by collecting user data. But as the Lookout researchers found, this SDK would start communicating with various malicious IP addresses and deliver malware to mobile devices, without the creators of the apps using Igexin's SDK being aware of it.
Journalists trying to contact Igexin for a response have received no reply yet.
Lookout released the names of only two infected applications: a photo app called SelfieCity, which was downloaded five million times, and a gaming app called LuckyCash, which was downloaded over a million times. According to Lookout, both apps have been cleaned of the malware in the meantime.
As with these two, the general data the researchers presented indicates that most of the infected applications were those used by teenagers and young adults: games with about 100 million downloads, weather apps with over five million downloads, photo editors, also with five million downloads, internet radio with one million downloads, as well as education, health and fitness, travel and emoji apps.
Avoiding this type of malware
Although Google has in the meantime removed the apps using this SDK or has re-installed such apps with the malware removed, there are certain security measures that all Android users need to take. Those who might have installed one of the removed apps should make sure they have Google Play Protect installed.
This is a new security feature launched by Google that takes measures to uninstall malicious apps. The other standard measures are to always have a good antivirus application active on your mobile device and to update all the apps on your device regularly. Unfortunately, the spread of spyware and other malware certainly isn't over yet.