Backdoored ad library exposes 'thousands' of iOS apps to malicious activity

mobiSage ad library used by over 2,000 apps provides backdoor access to data and devices, FireEye says

By Tom Paye
Published November 5, 2015

"High-risk" code has affected thousands of iOS apps through "backdoor" versions of an ad library, according to a report put out by FireEye today.

According to the security vendor, an error in the ad library, thought to be adSage's mobiSage SDK, has allowed backdoor access to a total of 2,846 apps originally published on the Apple App Store. These apps used the mobiSage ad library to display ads, potentially allowing for malicious access to sensitive user data and device functionality.

"The backdoors can be controlled remotely by loading JavaScript code from a remote server to perform a number of actions on an iOS device, such as capturing screenshots, monitoring and uploading the location of a device, modifying files in the app's data container, posting encrypted data to remote servers, and opening URL schemes to identify and launch other apps installed on the device," FireEye said in a statement.

adSage is based in China and its mobiSage SDK is used mainly by Chinese app developers to display ads.

Seventeen distinct versions of the backdoored ad library were discovered (version codes 5.3.3 to 6.4.4). However, in the latest mobiSage SDK publicly released by adSage - version 7.0.5 - the backdoors are not present, FireEye said.

The vendor added that it is unclear whether the backdoored versions of the ad library were released by adSage, or created and/or compromised by a malicious third party. Either way, among the 2,846 apps containing the backdoored versions of mobiSage, there have been over 900 attempts to contact an ad server capable of delivering JavaScript code to control the backdoors.

FireEye added that the ad library could also expose users to additional risks such as the background monitoring of SMS or phone calls, stealing email messages and demolishing arbitrary app installations.
