Just last weekend, we wrote about SonicSpy, a grossly robust piece of malware that infected hundreds of apps on the Play Store. Google is always quick to remove this awful junk when it is detected, but the fact that we keep talking about the issue means it's not going away.
It was security research firm Lookout that informed us of SonicSpy, and apparently, the company has been working overtime, as it now introduces us to yet another piece of Android maliciousness, an ad network called Igexin. This issue has impacted many apps on the Play Store, although it's not guaranteed that all of them unleashed its full capabilities.
Igexin is an advertising SDK, some versions of which were equipped with a hidden ability to download plugins at will. It's these plugins that wreak havoc, not the SDK itself. This is why some apps may never have had any damage done. Even so, merely using Igexin in an app meant that users were put at risk of being spied on.
Unfortunately, this is one of the wider-reaching malware attacks, as some apps which contained the SDK were downloaded in the millions - one app was downloaded at least 50 million times. If infected, user data would be at risk, and it doesn't appear that the infection would be readily apparent to the user.
Thanks to Lookout's valiant efforts, Google has removed all of the affected apps from the Play Store, although some have been reinstated after being updated to remove the offending Igexin tie-ins.