In episode 81 of The Secure Developer, Guy Podjarny is joined by Danny Grander, Co-founder and Chief Security Officer at Snyk, to discuss SourMint – a malicious SDK that has been integrated into popular apps, seeing a total of 1.2 billion downloads per month. This was before it was exposed by the Snyk research team! Here, we summarize the scandal and unpack exactly what SourMint is, with details on how it tracks Android and iOS user behaviour while allowing for remote command execution. Guy and Danny also reflect on the challenge of protecting people who are using old versions of apps that still have the malicious SDK integrated into them.
- Read more about our latest findings: https://snyk.io/blog/remote-code-execution-rce-sourmint/
- Read more about the data collection and attribution fraud: https://snyk.io/blog/sourmint-malicious-code-ad-fraud-and-data-leak-in-ios/
- Technical Research Writeup: https://snyk.io/research/sour-mint-malicious-sdk/
- Or watch Danny’s session at SnykCon: https://www.youtube.com/watch?v=uUbJjH9M3Oc