Researchers from Palo Alto Networks, has confirmed that Taomike, a Chinese mobile advertising company, has been distributing a malicious Software Development Kit (SDK) that allows Android developers for implementing in-app purchases (IAPs) for Android apps.
The SDK, which can be downloaded for free via Taomike, steals all messages on infected phones and sends them to the Taomike controlled server.
The SDK is being offered as a free download by Chinese company Taomike, and can be used to allow Android developers to create mobile apps that provide in-app purchases via SMS messages.
Palo Alto Networks posted in a blog stating since August 1, Palo Alto Networks WildFire has captured over 18,000 Android apps that contain the library. These apps are not hosted inside the Google Play store, but are distributed via third party distribution mechanisms in China... Click Here