Apps on Google Play with 1.5 mn installs found sending sensitive data to China
SAN FRANCISCO: Security researchers have found two malicious file management applications on Google Play Store, with a collective download count of over 1.5 million, that send sensitive user data to various malicious servers based in China.
"Our engine detected two spyware hiding on the Google Play Store and affecting up to 1.5 million users. Both applications are from the same developer, pose as file management applications and feature similar malicious behaviours," said cyber security company Pradeo.
"They are programmed to launch without users’ interaction and to silently exfiltrate sensitive users’ data towards various malicious servers based in China," it added.
Both apps stated they collect no data on the Google Play website; however, the security researchers said that "both spyware collected very personal data from their targets, to send them to a large number of destinations which are mostly located in China and identified as malicious".
The stolen data includes users’ contact lists from the device itself and from all connected accounts such as email and social networks; media compiled in the application (pictures, audio and video content); real-time user location; mobile country code; network provider name; and more.
The first app, "File Recovery & Data Recovery," had over a million installs, while "File Manager" had over 500,000. Both apps were uploaded by the same publisher, wang tom.
According to the researchers, the developers use a number of "sneaky behaviours" to boost the programme's popularity, such as making the software appear authentic and requiring minimal user involvement for the apps to engage in criminal conduct.