Attack description :
The privacy and security of up to 1.5 million Android users have been compromised as two file management apps on the Google Play Store have been discovered to be spyware. These malicious apps engage in deceptive behavior and surreptitiously transmit sensitive user data to malicious servers in China.
The alarming infiltration was uncovered by Pradeo, a reputable mobile security company. According to their report, the spyware apps in question are File Recovery and Data Recovery (com.spot.music.filedate) with over 1 million installs, and File Manager (com.file.box.master.gkd) with over 500,000 installs. Interestingly, both apps are developed by the same group and employ similar malicious tactics. They automatically launch upon device reboot, operating without any user input.
Contrary to their claims on the Google Play Store, where both apps assure users that no data is collected, Pradeo’s analytics engine has revealed that various personal information is being collected without users’ knowledge. This stolen data includes contact lists, media files such as images, audio files, and videos, real-time location, mobile country code, network provider details, SIM provider network code, operating system version, device brand, and model.
What is particularly concerning is the substantial amount of data transferred by these spyware apps. Each app performs over a hundred transmissions, which is significant for malicious activities. Once the data is collected, it is sent to multiple servers in China, all of which are flagged as malicious by security experts.
Hackers artificially inflated the number of downloads using install farms or mobile device emulators, creating a false sense of trustworthiness. Furthermore, both apps possess advanced permissions that allow them to hide their icons on the home screen, making it difficult for unsuspecting users to remove them.
Impacts : Chinese Spyware Apps Found on Google Play Store, Putting 1.5 millions Android Users at Risk
Take away: China is spying on entire world through different channels.The discovery of these spyware apps highlights the ongoing challenges of ensuring the security and privacy of mobile devices. Users are advised to exercise caution when downloading apps, even from trusted sources such as the Google Play Store. Regularly reviewing app permissions, keeping software up to date, and installing reputable mobile security solutions can help mitigate the risks associated with such malicious activities. Additionally, promptly reporting any suspicious apps to the appropriate authorities is crucial for safeguarding the wider Android user community.
Disclaimer : The information provided herein is on “as is” basis, without warranty of any kind.