Security experts have discovered two malicious file management applications in the Google Play Store, with over 1.5 million downloads combined, that send sensitive user data to various malicious sites based in China.
“Our engine detected two spyware hiding on the Google Play Store and affecting up to 1.5 million users. Both applications are from the same developer, pose as file management applications and feature similar malicious behaviors,” said cyber security company Pradeo.
“They are programmed to launch without users’ interaction and to silently exfiltrate sensitive users’ data towards various malicious servers based in China,” it added.
On their Google Play listings, both apps stated that they collect no data; however, the security researchers said that “both spyware collected very personal data from their targets, to send them to a large number of destinations which are mostly located in China and identified as malicious”.
Users’ contact lists from the device itself and from all connected accounts, including email and social networks, as well as media compiled in the application, including pictures, audio and video contents, real-time user location, mobile country code, network provider name, and more, are among the stolen data.
Deceptive Tactics by Publisher: Millions Fall Victim to Malicious Apps on Google Play Store
Over a million people have installed the first app, “File Recovery & Data Recovery,” while over 500,000 people have installed the second, “File Manager.” The same publisher, Wang Tom, uploaded both apps.
To increase the popularity of their programs, the developers employed a variety of deceptive tactics. To engage in malicious activities, these tactics require minimal information from users and an appearance of authenticity. These programs harmed users without their knowledge since they ran invisibly in the background without consent.
The discovery of these malicious programs underscores the importance of staying vigilant and exercising caution when downloading applications from app stores. Despite the security measures the Google Play Store employs to minimize the presence of harmful apps, some evade the review process. To protect their devices and personal information, users are advised to review app permissions, read user reviews, and install reputable mobile security solutions.
Google has been notified of these harmful apps, and it is expected that they will be swiftly removed from the Play Store to prevent further harm to users. The incident serves as a reminder for users to use caution and to be aware of potential safety hazards when using mobile applications.