The simple truth is that we’re being monitored 24/7, whether we like it or not. If you’re on the Internet, you’re not anonymous anymore. And if you’re running a third-party Android application, your private messages may already have been stolen.
At least 18,000 Android apps built with the Taomike SDK, one of the largest mobile advertising platforms in China, have been found to include SMS-stealing components.
The Chinese monetization library Taomike SDK has been used in more than 63,000 Android applications. Fortunately, only about 18,000 of them have been observed to contain the Trojan-like feature, according to researchers at Palo Alto Networks, who made the discovery.
The researchers also concluded that the suspicious apps have been continuously grabbing copies of all text messages sent to infected devices, and that this has been going on since August 11, 2015.
Were the Suspicious Apps Available on Google Store?
They weren’t. The SMS-stealing apps are distributed through third-party channels in China. Their developers included a specific library, known as the “zdtpay” SDK, that enables the malicious behavior.
Researchers at Palo Alto believe that only a later version of the Taomike SDK includes this library, which is why only applications released around August 2015 were flagged as suspicious.
How Was the Message Theft Disclosed?
Researchers uncovered the case thanks to an embedded URL, hxxp://112.126.69.51/2c.php, contained within the apps. The URL is the address to which the harvested texts were uploaded. The IP address in the URL was found to belong to the Taomike API server, which the company may also use for other services.
The “zdtpay” SDK library has been reported to request network and SMS access permissions. It is also capable of registering a receiver, which is how it can act on incoming messages.
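The traits just described (SMS permission, a receiver for incoming messages, network access, and the known upload address) are the kind of thing an app vetting pipeline can check for. The following is an added example, not code from the article or from Palo Alto Networks: it reads a decoded AndroidManifest.xml and a list of strings pulled from an app’s code (both constructed here, with hypothetical package and receiver names) and reports which of those traits are present.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
SMS_RECEIVED_ACTION = "android.provider.Telephony.SMS_RECEIVED"
# Upload host quoted in the report above; the only indicator the article gives.
KNOWN_UPLOAD_HOST = "112.126.69.51"

# Constructed sample manifest: an app bundling a hypothetical library that
# asks for SMS access and listens for incoming messages (names are made up).
SUSPECT_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <receiver android:name="com.example.monetize.SmsReceiver">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""
# Constructed strings as extracted from the same app's code (URL defanged).
SUSPECT_STRINGS = ["hxxp://112.126.69.51/2c.php", "https://ads.example.com/v1"]

# Constructed benign manifest: network access only, no SMS receiver.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application><activity android:name="com.example.game.Main"/></application>
</manifest>"""


def assess_app(manifest_xml, code_strings):
    """Return a list of findings explaining why an app deserves a closer look."""
    root = ET.fromstring(manifest_xml)
    perms = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    # Receivers whose intent filter listens for incoming SMS broadcasts.
    sms_receivers = [
        r.get(ANDROID_NS + "name")
        for r in root.iter("receiver")
        if any(a.get(ANDROID_NS + "name") == SMS_RECEIVED_ACTION for a in r.iter("action"))
    ]
    findings = []
    # The combination described in the report: SMS access, a receiver for
    # incoming messages, and network access to send them somewhere.
    if perms & SMS_PERMS and "android.permission.INTERNET" in perms and sms_receivers:
        findings.append("sms-capture-with-network: " + ", ".join(sms_receivers))
    # Any string pointing at the upload endpoint the researchers identified.
    for s in code_strings:
        if KNOWN_UPLOAD_HOST in s:
            findings.append("known-upload-endpoint: " + s)
    return findings
```

A hit on the first finding alone is not proof of theft (legitimate SMS apps need the same combination), so treat it as a reason to inspect the receiver’s code, while a hit on the endpoint indicator is a much stronger signal.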
Monetization platforms are often used to boost income: they offer libraries that developers can easily access and frequently build into their own apps. As this case shows, third-party advertising platforms cannot be trusted blindly. Developers that rely on such services should monitor their apps closely and report any suspicious behavior promptly.