CyberSecurity SEE

1.5M Downloads of File Management App That Transfers Data to China

A recent discovery by cybersecurity researchers has revealed that two malicious applications on the Google Play store have been secretly collecting excessive data from users. These apps, installed by a total of 1.5 million users, claim to provide file management and data recovery features but actually exfiltrate sensitive data and transmit it to malicious servers in China.

The malicious spyware applications were identified by Pradeo, a behavioral analysis engine. Despite claiming in the Data Safety section of Google Play that there is “No data collection from users’ devices,” these apps were found to be actively collecting and transmitting data without the knowledge or consent of users.

The two malicious applications in question are “File Recovery and Data Recovery” with 1 million downloads and “File Manager” with 500,000 downloads. These apps have been designed to gather various types of data from users’ devices, including contact lists, media files (such as pictures, audio, and videos), real-time user location, mobile country code, network provider name, network code of the SIM provider, operating system version number, and device brand and model.

What is particularly concerning is that these apps not only collect data but also transmit it excessively. Each app sends the collected data to multiple malicious servers and performs more than a hundred transmissions, far above the normal level.

While some data collection may be justified for performance and compatibility purposes, the data collected by these spyware apps goes beyond the scope of file management or data recovery needs. Furthermore, the collection of this unnecessary data is done secretly and without the user’s permission.

To make matters worse, these apps employ various sneaky behaviors to evade detection and removal. They hide their icons from the home screen of the affected device and exploit approved permissions to operate discreetly in the background, even rebooting the device without the user’s knowledge.

To protect against such threats, users should follow several recommendations. First, avoid downloading apps that have no reviews or that lack reviews from thousands of users. Reading through reviews thoroughly can provide insight into the true nature of the application. It is also important to carefully review and understand the permissions an app requests before approving them. Educating team members about the risks associated with mobile threats and enabling automated mobile detection and response can provide users with secure flexibility.

As the prevalence of malicious apps continues to grow, it is crucial for users to remain vigilant and take necessary precautions to protect their devices and personal data. With the help of advanced cybersecurity measures and user awareness, it is possible to mitigate the risks posed by such malicious applications.
