Not something we usually consider as mobile phone owners, is that question of “Where did my application come from? What platforms does it use?” Both questions tie into: “What permissions does my applications require?” Sadly we rarely think of any of these questions, therefore we put our trust in the market store doing the necessary due diligence.
Taomike SDK (Software Development Toolkit) has been used to produce over 63,000 Android applications and is one of the biggest mobile advertisement solutions in China. The reason it is so popular is because it helps developers display ads in their mobile apps and generate revenue. It has been discovered that circa 18,000 Android apps from Taomike SDK have been found to contain malicious code that spies on the user’s SMS messages, according to researchers at Palo Alto Networks.
The security researchers gave the following details:
- The samples that contain the embedded URL, hxxp://126.96.36.199/2c.php perform such functions.
- The software that sends SMS messages as well as the IP address belongs to the Taomike API server used by other Taomike services to the above URL.
- More than 63,000 Android apps in WildFire (we’ll get to that) include the Taomike library, but around 18,000 Android apps include the SMS stealing functionality since August 1, 2015.
- Some of the infected apps even contain or display adult content.
- Users from other countries than China.
- Users that download apps only from the official Google Play store.