Few people are surprised by the presence of malicious applications in the Google Play Store, but usually it is hackers, ransomware gangs and other intruders who are involved in distributing malicious software. According to The Wall Street Journal, the US intelligence services have now joined this company: according to some information, SDKs built into some applications send information to one of the contractors working for the American intelligence community.
At the heart of the project is Measurement Systems, a company registered in Panama. Notably, this little-known company, with an even lesser-known SDK that has no obvious useful features, offered software developers $100 to $10,000 in return for adding the SDK to their applications. The SDK was reportedly used in weather software and road radar search software, applications for Muslim prayer houses and many other programs. Compromised applications were reportedly downloaded more than 60 million times.
Measurement Systems informed the developers who agreed to collaborate that the data would be collected for Internet service providers, energy companies and financial services companies. The company said that information from the Middle East, Asia and Central and Eastern Europe was of particular interest. It is noteworthy that data on these regions typically generates much less interest than data on the more affluent and prosperous US and Western Europe. For example, one of the weather apps proved to be very popular with users from Iran, which is of great interest to US intelligence services.
After the SDK was activated, a large amount of data was collected, including the exact location of the device, phone number, email address and information about nearby devices. In addition, access to information from the clipboard was granted, including any passwords. The SDK may have partially scanned the file system, including folders where files from WhatsApp are usually stored.
The malware was first discovered by AppCensus, a mobile cybersecurity company whose founders conduct research in this field at leading American universities, among others. The company called the software “the most privacy invasive SDK you’ve seen in the last six years of mobile app review”.
After the information was released, Google quickly began removing malicious applications from the Play Store, and Measurement Systems suddenly stopped collecting data. Google said software developers can return applications to the store after removing the malicious SDK.
There are some well-known apps that you should immediately remove from your devices and wait for them to reappear on the Play Store (quoted from the Android Authority portal list):
- speed camera radar
- Al-Moazin Lite (Prayer Times)
- WiFi Mouse (Remote Control PC)
- QR and barcode scanner
- Qibla Compass – Ramadan 2022
- Simple weather and clock widget
- Handcent Next SMS – text with MMS
- SmartKit 360
- Al Quarun Mp3 – 50 Reciters & Translation Audio
- Audiosdroid Audio Studio DAW