A new cybersecurity report reveals that thousands of popular iOS apps have been infected by malicious code.
According to the report, these iOS apps are using the popular Chinese mobile SDK. The code appears to trick the device into siphoning revenues from ads. More than 1200 apps were reportedly infected and have racked up more than one billion total installs.
According to a cybersecurity firm, the malicious code was traced back to the Chinese advertisement network called Mintegral. The firm is now facing accusations of spying on millions of users and committing advertisement frauds. The firm operates from Beijing and is owned by another Chinese ad company named Mobvista.
— Mintegral (@MintegralInc) August 25, 2020
Security researchers from Snyk report that one particular infected app has racked up a total of 500 million installs. Other iOS apps that are known to be infected are PicsArt, Gardenscapes, Talking Tom, and Subway Surfers.
Collectively, the infected apps may have been installed by unknowing users a total of one billion times. This figure includes installs on both iPhone and iPad devices. Snyk said that it had already notified Apple about the malicious SDK weeks ago.
In a statement, Snyk chief security officer Danny Grander said:
“We identified an SDK malicious component that is getting integrated into different iOS applications and getting into the App Store.”
Following the discovery, Mintegral denies the allegations. The firm adds that it is in compliance with Apple’s terms of service.
How the SDK functions
Software Development Kits (SDK) are components that developers use to add functionalities to their apps. In other words, this allows the developer to easily add functions into their app without having to write the code. SDK are considered integral in mobile app development.
Unfortunately, the main purpose of the Mintegral SDK is to siphon ad revenues. It spies on user activities, including whether the user clicked on an ad when they install an app.
Most companies pay ad firms every time a user successfully installs an app. In this case, the Mintegral SDK sends out a fake claim credit for the install.
Considering the reports, it appears that the Mintegral SDK collects a lot of user data to appeal to its target. Among the data collected by the SDK are IP address, OS version, network type, and the device model.
Recently, ad frauds are becoming a trend nowadays since they are relatively easy to execute. In terms of security, all iOS apps are subjected to strict terms from Apple. This means that the malicious SDK cannot go beyond what is permitted for it to access.
Featured image courtesy of Hadrian/Shutterstock