Supply chain attacks, in which an attacker compromises an intermediary in order to reach its ultimate targets, are gaining momentum. Most recently, a Chinese company involved in iOS software development was found to be the source of such an attack, one that could affect end users well into the future.
Mintegral, a Chinese global mobile advertising platform, was found to be distributing a malicious software development kit (SDK) known as MintegralAdSDK, or SourMint.
Researchers discovered SourMint in mid-August 2020, posing as a genuine advertising SDK for iOS app developers. For more than a year this malicious SDK remained undetected in apps on the Apple App Store. It was used in over 1,200 iOS apps, around 70 of which were among the top 500 free apps on the App Store.
- The SDK was published on Mintegral's GitHub repository, on the CocoaPods package manager for iOS, and on Gradle/Maven for Android, and was made available for download by app developers. The Android version was found to be non-malicious; only the iOS version was malicious.
- URL-based requests made by apps that use the advertising SDK are logged, and the normal flow of a user's ad click on an iOS device is hijacked.
- Apps built with the iOS SDK carry its malicious code, which is used to commit ad attribution fraud.
- The SDK is also capable of recording user activity and stealing personally identifiable information and other sensitive data.
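Because the iOS version was distributed through CocoaPods, the first thing a developer can do is check whether a given project has resolved the SDK at all. The following script is an added example (it is not from the original article and not Mintegral's or the researchers' code): it parses the PODS section of a Podfile.lock and flags any pod whose base name is on a deny list. The pod name "MintegralAdSDK" is assumed from the name given above, the version numbers are placeholders, and the sample lock file is constructed for the example.

```python
"""Audit a CocoaPods Podfile.lock for pods on a deny list.

Added example, not code from the original article or from Mintegral. The deny
list entry "MintegralAdSDK" is assumed from the SDK name in the article; verify
it against the pod names actually present in your own Podfile.lock.
"""
import re
import sys
from typing import Dict, Iterable, List, Tuple

# A resolved top-level pod line in the PODS: section looks like
#   - MintegralAdSDK/All (1.2.3)      or      - AFNetworking (4.0.1):
# Exactly two spaces of indentation separates these from the nested
# dependency lines (four spaces, version given as a requirement like "(= 4.0.1)").
POD_LINE = re.compile(r"^ {2}-\s+(?P<name>[^\s(]+)\s+\((?P<version>[^)]+)\)")

# Assumed pod name for SourMint (see the article); extend for your own policy.
DEFAULT_DENY = {"MintegralAdSDK"}


def list_pods(lock_text: str) -> Dict[str, str]:
    """Return {base pod name: resolved version} for every pod in PODS:.

    Only the PODS: section is read, because it is the only section that carries
    resolved versions. Subspecs such as "MintegralAdSDK/All" are collapsed onto
    the base pod name so a single deny-list entry covers all of them.
    """
    pods: Dict[str, str] = {}
    in_pods = False
    for line in lock_text.splitlines():
        # Non-indented, non-empty lines are section headers (PODS:, DEPENDENCIES:, ...).
        if not line.startswith(" ") and line.strip():
            in_pods = line.strip() == "PODS:"
            continue
        if not in_pods:
            continue
        match = POD_LINE.match(line)
        if not match:
            continue  # nested dependency line or blank line
        base_name = match.group("name").split("/")[0]
        pods.setdefault(base_name, match.group("version"))
    return pods


def find_flagged(lock_text: str, deny: Iterable[str] = DEFAULT_DENY) -> List[Tuple[str, str]]:
    """Return sorted (name, version) pairs for resolved pods on the deny list."""
    deny_lower = {name.lower() for name in deny}
    return sorted(
        (name, version)
        for name, version in list_pods(lock_text).items()
        if name.lower() in deny_lower
    )


# Constructed sample lock file; versions are placeholders, not real releases.
SAMPLE_LOCK = """\
PODS:
  - AFNetworking (4.0.1):
    - AFNetworking/NSURLSession (= 4.0.1)
  - AFNetworking/NSURLSession (4.0.1)
  - MintegralAdSDK (1.2.3):
    - MintegralAdSDK/All (= 1.2.3)
  - MintegralAdSDK/All (1.2.3)

DEPENDENCIES:
  - AFNetworking (~> 4.0)
  - MintegralAdSDK

SPEC REPOS:
  trunk:
    - AFNetworking
    - MintegralAdSDK

COCOAPODS: 1.10.0
"""


if __name__ == "__main__":
    # Usage: python audit_pods.py [path/to/Podfile.lock]; without a path the
    # constructed sample above is audited.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOCK
    hits = find_flagged(text)
    for name, version in hits:
        print(f"FLAGGED: {name} {version}")
    sys.exit(1 if hits else 0)
```

A non-zero exit code lets the check run in CI so a flagged pod fails the build; matching on the base pod name rather than the full spec name is what makes subspecs such as `MintegralAdSDK/All` show up too.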
Supply Chain Attacks in recent times
- In mid-August, a malicious campaign was found targeting Mac users, distributing the XCSSET malware suite via infected Xcode developer projects.
- In May, a hacking group called Hacking Bear was found targeting the IT systems of German companies through supply chain attacks.
SourMint had remained hidden in apps on the Apple App Store since July 2019. It evaded Apple's review for so long because of its sophisticated obfuscation and anti-debugging tricks. To avoid exposing user data through their own applications, software developers need to be aware of supply chain threats of this kind and to vet the third-party SDKs they ship.
To read more, please check eScan Blog