Igexin use their advertising SDK to siphon user data back to their servers in China
In 2016, the Chinese firmware developer 'Adups' was caught inserting malicious code into firmware delivered to devices such as those by BLU and the B&N Nook. Now, in 2017, malware researchers from 'Lookout' have found that a software development kit (SDK) by Igexin for inserting advertising was collecting user data and reporting it back to Igexin servers in China.
The researchers noticed that malware was being found on newly reset phones after they had made contact with Igexin's servers. The SDK was used in around 500 legitimate applications, several of which had over one million downloads and one of which had over 50 million downloads. Igexin was using the permissions granted to these apps to execute malicious commands designed to collect a range of data such as call logs, as well as to silently download and run malicious code.
The researchers notified Google, who responded by disabling the compromised applications while developers issue updates using an alternative advertising SDK. None of the compromised applications have been identified, since the app developers weren't aware of the malicious code, but the list of affected applications includes games, weather apps, photo editors, internet radio and more.