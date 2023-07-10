



Two apps with over 1.5 million downloads on the Google Play store have been discovered spying on users and sending data to China.

Researchers at cybersecurity firm Pradeo have discovered two malicious apps on Google Play that hide spyware and spy on up to 1.5 million users.

Both applications, file management apps from the same developer, have been spotted sending data to multiple servers in China.

The first app, “File Recovery and Data Recovery” (com.spot.music.filedate), has over 1 million installs, and the second app, “File Manager” (com.file.box.master.gkd), has over 500,000 installs.

“They are programmed to activate without user intervention and silently exfiltrate sensitive user data to various malicious servers based in China. We have alerted Google about this finding,” reads the analysis published by Pradeo.

The two apps steal a wide range of information, including the user’s contact list, media files (photos, audio and video content), real-time location, mobile country code, network provider name, SIM provider network code, operating system version, and device brand and model.

Researchers noticed that both apps performed over 100 transmissions of collected data. This is unusual for modern spyware.

These two apps have a lot of users, but no reviews. This suggests that the attacker used install farms or mobile device emulators to spoof the number of users and increase the rank of the apps in the store.

Media compiled by the application: photo, audio and video content; real-time user location; mobile country code; network provider name; SIM provider network code; operating system version number (which can lead to exploitation of a vulnerable system, as with Pegasus spyware); device brand and model.

Both apps use advanced permissions to hide their icons from view, which makes them difficult to uninstall.

Here are some recommendations from experts:

First, I would recommend anyone using these applications to remove them.

As an individual:

Never download an application that has no reviews while it has thousands of users. If there are reviews, read them. Reviews usually reflect the essence of the application. Always read the permissions carefully before accepting them.

As an organization:

Sensitize collaborators about mobile threats. Give users secure flexibility by automating mobile detection and response, scrutinizing applications, and preventing them from launching if they don’t comply with security policies.

This discovery is not a special case. Unfortunately, several malicious apps have been found to be available through the official Google Play store in recent years, highlighting the need to refine the app analysis process during the launch stage and throughout its lifecycle within the app store. My recommendation is to install only applications that you know and trust, published by developers, and, most importantly, that you really need.

Pierluigi Paganini

(Security issue, Android)

