Express
Coin responds to SparkKitty virus infection: Risky SDK implanted but never activated, user data always safe
Summary: In response to reports from Securelist today alleging that 'Coin' may have been infected by the new malicious virus SparkKitty, the Coin team has acknowledged integrating a third-party SDK provided by Bitdu exchange, but stated that the high-risk functions related to album permissions and photo uploads in the SDK were always disabled and never activated ...
In response to reports from Securelist today alleging that 'Coin' may have been infected by the new malicious virus SparkKitty, the Coin team has acknowledged integrating a third-party SDK provided by Bitdu exchange, but stated that the high-risk functions related to album permissions and photo uploads in the SDK were always disabled and never activated or triggered, ensuring user data remained unaffected. According to Coin, Bitdu plans to acquire Coin in 2023 and requested access to their SDK for evaluating user engagement. Coin's tech team discovered suspicious behavior inducing the opening of album permissions and photo uploads in the SDK during testing, subsequently blocking the upload function through the interface to prevent potential risks. Coin has initiated a full code security review and pledged to enhance third-party SDK audits and partner background checks to prevent similar incidents from happening again.
Tags:
Link: Coin responds to SparkKitty virus infection: Risky SDK implanted but never activated, user data always safe [Copy]
