Sign up to save your podcasts
Or
Share Exposing The SourMint Scandal With Danny Grander
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Exposing The SourMint Scandal With Danny Grander
Many developers and publishers serve as unwitting vehicles for malware. Today we speak with Snyk co-founder and Chief Security Officer Danny Grander about SourMint — a malicious SDK that has been integrated into popular apps, seeing a total of 1.2 billion downloads per month. That was before it was exposed by the Snyk research team. We open our conversation by summarizing the scandal and unpacking what SourMint is, with details on how it tracks Android and iOS user behavior while allowing for remote command execution. We then dive into how Mintegral, the creators of the SDK, hid its behavior before exploring the range of apps affected by SourMint. After chatting about the role that Snyk plays in hunting for malicious code, Danny shares insights into how they discovered SourMint. We talk about SourMint’s victims and how we can assign responsibility to both developers and marketplace vendors. Near the end of the episode, we reflect on the challenge of protecting people who are using old versions of apps that still have malicious SDK integrated into them. While the scale of SourMint’s reach seems unprecedented, it's a story that’s becoming increasingly common. Tune in to hear what we can do to protect ourselves from malicious code.
Follow Us
- Our Website
- Our LinkedIn
View all episodes
By Snyk
4.7
2121 ratings
Many developers and publishers serve as unwitting vehicles for malware. Today we speak with Snyk co-founder and Chief Security Officer Danny Grander about SourMint — a malicious SDK that has been integrated into popular apps, seeing a total of 1.2 billion downloads per month. That was before it was exposed by the Snyk research team. We open our conversation by summarizing the scandal and unpacking what SourMint is, with details on how it tracks Android and iOS user behavior while allowing for remote command execution. We then dive into how Mintegral, the creators of the SDK, hid its behavior before exploring the range of apps affected by SourMint. After chatting about the role that Snyk plays in hunting for malicious code, Danny shares insights into how they discovered SourMint. We talk about SourMint’s victims and how we can assign responsibility to both developers and marketplace vendors. Near the end of the episode, we reflect on the challenge of protecting people who are using old versions of apps that still have malicious SDK integrated into them. While the scale of SourMint’s reach seems unprecedented, it's a story that’s becoming increasingly common. Tune in to hear what we can do to protect ourselves from malicious code.
Follow Us
- Our Website
- Our LinkedIn
More shows like The Secure Developer
View all
Risky Business
361 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
628 Listeners
The Changelog: Software Development, Open Source
283 Listeners
The Cloudcast
152 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
366 Listeners
Thoughtworks Technology Podcast
42 Listeners
Software Engineering Daily
625 Listeners
AWS Podcast
203 Listeners
Smashing Security
311 Listeners
Darknet Diaries
7,875 Listeners
Kubernetes Podcast from Google
181 Listeners
CISO Series Podcast
187 Listeners
Defense in Depth
76 Listeners
Risky Bulletin
33 Listeners
The 404 Media Podcast
312 Listeners