More than 4.5 million users infected with adware thanks to chat SDK
App developers who have used the Ya Ya Yun SDK may have been unknowingly delivering malware to their app users. One of the components within this SDK that is used to offer in game chat features to apps, was actually delivering fraudulent adware.
Security researchers at Dr. Web discovered the malicious activity last week within multiple apps, many of which could be found on the Google Play Store. As many as 4.5 million users may have been affected by the infection.
This component within the SDK not only provided the chat functionality which developers would want within their legitimate apps, it would also do a few things in the background. It would proceed to download images. These images would not be the sort to warrant any distrust. Simple generic images like app icons, however hidden within these images were malicious components which would be unpacked and proceed to open URL’s within a hidden browser resulting in fraudulent add clicks for the malware creators. It may be something which a user would never even notice, even though it would be using the processing power, battery, and data of the user’s device. While this attack was focused on adware, security researchers were quick to point out that this campaign could easily be changed to download other malicious code.
In all, this code was found in 27 apps available within the Google Play Store. Google has been notified of the infection, however many of the apps are still available to download. In many cases like this where the applications are legitimate applications, and the developer was unaware of the tainted aspect found within their apps, Google will pull the app until the app is updated with non-malicious code. Hopefully that has already happened with the apps which can still be found on the Google Play Store.
Source: Bleeping Computer