1. olga421's Avatar
    Nearly 18,000 Android apps built using the Taomike SDK, and used in China, have been found to include a malicious SMS stealing library.
    Bad news for Android users: according to Palo Alto Networks, nearly 18,000 Android applications built using the Taomike SDK have been found to include an SMS-stealing library.

    The Taomike SDK is one of the largest mobile advertisement solution platforms in China, it allows developers to include advertising functionalities in their mobile apps. It has been estimated that it has been used in the development of advertising channels in over 63,000 Android apps.

    There is more, the experts at Palo Alto Networks noticed that the mobile apps were making copies of all messages sent to infected devices since August 1st.

    The infected apps are being distributed through third-party stores in China, they include the malicious “zdtpay” SDK library. The SMS Stealing Library is a component of Taomike’s in-app purchases (IAPs) system that has been designed to capture incoming messages from the mobile device.

    “we recently identified that the Chinese Taomike SDK has begun capturing copies of all messages received by the phone and sending them to a Taomike controlled server. Since August 1, Palo Alto Networks WildFire has captured over 18,000 Android apps that contain this library. These apps are not hosted inside the Google Play store, but are distributed via third party distribution mechanisms in China.” states Palo Alto Networks.

    The experts discovered that only a newer version of the Taomike SDK includes the library, earlier SDK releases are not infected.

    In particular, only the applications containing the embedded URL hxxp://112.126.69.51/2c.php include the malicious library, it is important to note that the address belongs to the Taomike API server.

    The SMS Stealing Library requests network and SMS access permissions from the users, it also registers a receiver named com.zdtpay.Rf2b for both the SMS_RECEIVED and BOOT_COMPLETED actions with the highest priority of 2147483647.

    The receiver Rf2b is used to access all the incoming messages and collects both the message body and the sender.

    The researchers at Palo Alto Networks highlighted that users with mobile devices running Android 4.4 KitKat are safe because it prevents applications from capturing SMS messages if they are not the default SMS application.

    A great number of app developers try to monetize their efforts including advertising libraries in their code, however third-party advertising platforms could be exploited to serve malicious codes over a large number of devices.

    Earlier this month, the experts at FireEye discovered another malicious code, the Kemoge adware that targeted once again Android users in dozens of countries.

    The Kemoge malware is packaged with various popular Android mobile apps such as games, calculators and device lockers, which are deployed to third-party app stores. The threat actors behind the malicious campaign promoted the trojanized apps through in-app ads and download links posted on various websites.

    Posted via CB10
    10-26-15 02:44 PM
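
Added example, not part of the original post or of the Palo Alto Networks report: a defender-side check that reads a decoded AndroidManifest.xml and flags receivers registered for SMS_RECEIVED, including the maximum priority and BOOT_COMPLETED pairing described above. The sample manifest and its package name are constructed; the permission names android.permission.RECEIVE_SMS and android.permission.INTERNET are an assumption about which permissions the post means by "network and SMS access".

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"
BOOT_COMPLETED = "android.intent.action.BOOT_COMPLETED"
MAX_PRIORITY = 2147483647  # value the post reports for com.zdtpay.Rf2b
SMS_AND_NET = {"android.permission.RECEIVE_SMS", "android.permission.INTERNET"}

# Constructed sample: a decoded manifest shaped like the post's description.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <receiver android:name="com.zdtpay.Rf2b">
      <intent-filter android:priority="2147483647">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".WidgetUpdater">
      <intent-filter>
        <action android:name="android.appwidget.action.APPWIDGET_UPDATE"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def audit_manifest(xml_text):
    """Return one finding per intent-filter that listens for incoming SMS."""
    root = ET.fromstring(xml_text.strip())
    perms = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    findings = []
    for receiver in root.iter("receiver"):
        for flt in receiver.iter("intent-filter"):
            actions = {a.get(ANDROID_NS + "name") for a in flt.iter("action")}
            if SMS_RECEIVED not in actions:
                continue
            try:
                priority = int(flt.get(ANDROID_NS + "priority", "0"))
            except ValueError:  # e.g. a resource reference instead of a number
                priority = None
            findings.append({
                "receiver": receiver.get(ANDROID_NS + "name"),
                "priority": priority,
                "max_priority": priority == MAX_PRIORITY,
                "starts_on_boot": BOOT_COMPLETED in actions,
                "has_sms_and_net_perms": SMS_AND_NET <= perms,
            })
    return findings
```
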
  2. Dunt Dunt Dunt's Avatar
    The infected apps are being distributed through third-party stores in China,
    No worries then......if you have Google Play, why would you need a third-party store from China?
    10-26-15 03:01 PM
  3. cgk's Avatar
    No worries then......if you have Google Play, why would you need a third-party store from China?
    I was just wondering that - most devices in China aren't Android anyway (they are AOSP based).
    10-26-15 03:03 PM
  4. lift's Avatar
    I thought apps were scanned if they were installed from 3rd parties? Isn't that feature turned on by default?
    10-26-15 03:06 PM
  5. Dunt Dunt Dunt's Avatar
    I thought apps were scanned if they were installed from 3rd parties? Isn't that feature turned on by default?
    In BB10 yes that is a feature. Not sure how it works.... seems to be more of a blacklist type database app... but I wouldn't count on it catching something they don't know about, cause I find it hard to believe that in less than five seconds it can scan and analyse an APK.


    But I think the OP was pointing out the general concerns with Android.... for years we've used the "android is a major security problem", which was fine when it was us against them. Now "we are them", so it's important to realize that most of those vulnerabilities are due to unsafe practices.
    10-26-15 03:54 PM
  6. cgk's Avatar
    I thought apps were scanned if they were installed from 3rd parties? Isn't that feature turned on by default?
    On Android to download and install apps from third parties, you have to go into the settings and expressly allow this - which if you were doing to get apps from some shady Chinese app store... well best of luck to you.
    10-26-15 04:00 PM
