Dive Brief:
- Security researchers from Trend Micro said a software development kit (SDK) used by thousands of Android apps contains a feature that gives attackers backdoor access to users' devices.
- The kit is called Moplus and it was developed by Chinese Internet services company Baidu.
- The SDK was integrated into more than 14,000 apps used by over 100 million people, according to Trend Micro.
Dive Insight:
The Moplus SDK opens an HTTP server on devices where affected apps are installed. Attackers can then send requests to the hidden HTTP server and execute commands that were implemented in the SDK. These commands can be used to extract sensitive information and to silently install applications. Trend Micro researchers say they have already found a worm that exploits this backdoor to install unwanted applications.
Trend Micro researchers say the Moplus flaw may be worse than the Android Stagefright flaw because Stagefright required attackers to trick users into opening malicious URLs.
After being notified of the flaw, Baidu released a new version of the SDK and removed some commands, but Trend Micro said the HTTP server is still being opened and some functionality can still be abused.
Truly fixing the issue will depend on how quickly the third-party developers who used the SDK update their apps.