2,846 iOS Apps Have a Backdoor Thanks to a Chinese Advertising Company

SillyBilly299

Apr 26, 2015
Security researchers from FireEye have discovered that the mobiSage SDK (software development kit) from adSage, a Chinese advertising firm, is secretly opening backdoors on iOS devices.

FireEye has found this backdoor in 2,846 iOS apps, of which Apple was notified and which it later removed from the App Store.

According to researchers, the backdoor code was hidden in the mobiSage SDK, which iOS developers used inside their apps to show ads.

The SDK contained two components, one written in Objective-C that initiated the backdoor code, and one component written in JavaScript, which was actively contacting a Web server and requesting instructions. Commands from this server would arrive on the device as ads shown through the SDK.

The backdoor had full spying capabilities
The backdoor was able to take screenshots, record audio, get geo-location details, read/create/edit/delete files and keychain data (password storage), open URLs, launch apps, side-load other apps from unofficial Apple sources, encrypt data, and then send it to a C&C server.

Only SDK versions 5.3.3 to 6.4.4 contained the backdoor functionality. FireEye researchers say that the recent version of the SDK does not include the malicious code anymore.

In spite of the malicious functionality, during the time FireEye researchers monitored the SDK, no unusual communications or malicious activity was detected.

"It is unclear whether the potentially backdoored versions of the ad library were released by adSage or if they were created and/or compromised by a malicious third party," FireEye noted.

Chinese advertising firms have a knack for stealing user data
Before the adSage incident, three other cases of malicious code hidden in SDKs were reported.

1. The Taomike SDK, which was secretly stealing SMS messages from over 18,000 Android devices and uploading them to a server in China.

2. The Youmi SDK that was snooping on users, found in 256 iOS apps, which Apple eventually banned from the App Store.

3. The Baidu SDK which installed a similar backdoor on over 14,000 Android applications.

All of these SDKs were developed by Chinese companies.
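Since only mobiSage SDK versions 5.3.3 to 6.4.4 are reported as affected, here is an added example (not FireEye's or adSage's code) that checks an app inventory against that range. It assumes an inventory of (app name, SDK name, SDK version) rows; the sample rows and app names below are constructed placeholders.

```python
from typing import Iterable, List, Tuple

# Affected mobiSage range from the report: 5.3.3 through 6.4.4, inclusive.
AFFECTED_MIN = (5, 3, 3)
AFFECTED_MAX = (6, 4, 4)


def parse_version(version: str) -> Tuple[int, int, int]:
    """Turn '6.4' or '6.4.4' into a numeric (major, minor, patch) tuple.
    Numeric comparison matters: as strings, '6.10.0' < '6.4.4', which would
    wrongly flag a later release as affected.
    """
    parts = version.strip().split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return nums[0], nums[1], nums[2]


def is_affected_mobisage_version(version: str) -> bool:
    """True if this SDK version falls inside the reported backdoored range."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def affected_apps(inventory: Iterable[Tuple[str, str, str]]) -> List[str]:
    """Return names of apps whose embedded mobiSage SDK version is in range.
    Rows are (app_name, sdk_name, sdk_version); other SDKs are ignored and
    unparseable versions are returned marked for manual review.
    """
    hits = []
    for app, sdk, ver in inventory:
        if sdk.lower() != "mobisage":
            continue
        try:
            if is_affected_mobisage_version(ver):
                hits.append(app)
        except ValueError:
            hits.append(f"{app} (unparseable version {ver!r}, review manually)")
    return hits


# Constructed sample inventory (hypothetical app names, not real apps).
SAMPLE_INVENTORY = [
    ("ExampleNewsReader", "mobiSage", "5.3.3"),   # lower bound, affected
    ("ExampleWeather", "mobiSage", "6.4.4"),      # upper bound, affected
    ("ExampleGame", "mobiSage", "6.10.0"),        # later release, clean
    ("ExampleNotes", "OtherAdSDK", "6.0.0"),      # different SDK, ignored
    ("ExampleRadio", "mobiSage", "5.3.2"),        # before the range, clean
]

if __name__ == "__main__":
    print(affected_apps(SAMPLE_INVENTORY))  # ['ExampleNewsReader', 'ExampleWeather']
```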