CyberSecurity SEE

China-Linked Spyware Detected in Google Play Store Apps with Over 2 Million Downloads

Security researchers at mobile security solutions provider Pradeo have discovered spyware hiding on the Google Play Store, potentially affecting up to 1.5 million users. The spyware was found in two seemingly harmless file management apps: "File Recovery and Data Recovery" (with 1 million installations) and "File Manager" (with 500,000 installations). These apps were created by the same developer and displayed malicious behavior by self-launching without user interaction and secretly exfiltrating sensitive user data to servers in China.

Both apps claimed not to collect any data from users. However, Pradeo’s blog post revealed that this was a false claim. The spyware collected various personal data from users, including the operating system version, device brand and model, real-time user location, network provider’s name, SIM provider’s network code, mobile phone’s country code, pictures, video, and audio content, as well as the device’s contact lists from all linked accounts, email, and social networks. This data was then transferred to over one hundred different Chinese destinations, all of which were identified as malicious.

To deceive users, the hacker behind the spyware employed several techniques to make the apps appear legitimate. Despite having a large user base, the apps did not feature any reviews. Researchers suspect that the hacker used mobile device emulators or install farms to artificially inflate the download numbers and improve the apps' rankings on the store. Additionally, the apps required minimal user interaction, as they could launch automatically when the system started. They were also hidden from the home screen, with their icons remaining invisible to prevent easy uninstallation.

Google has since removed the malicious apps from the Play Store. However, if users have downloaded them from third-party stores, it is crucial to delete them immediately. Users should also exercise caution when downloading apps without any reviews, even if they seem popular. Reading through reviews, if available, can help detect any potential foul play.

In order to stay safe, organizations are advised to automate mobile detection and response by vetting apps and ensuring they comply with their security policies. This can help prevent the installation of malicious apps and protect sensitive data from being compromised.
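As an illustration of automated vetting, the following added example (not Pradeo's tooling and not part of the original article) checks a decoded AndroidManifest.xml for the behaviors described above: launching at boot, having no launcher icon, and being able to read the listed data types. The permission-to-data mapping, the rejection policy, and the sample manifest are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET

NAME = "{http://schemas.android.com/apk/res/android}name"

# Permissions gating the data types listed in the article (mapping is this example's assumption).
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.GET_ACCOUNTS": "linked accounts",
    "android.permission.READ_EXTERNAL_STORAGE": "pictures/video/audio",
    "android.permission.READ_PHONE_STATE": "SIM/network identifiers",
}

# Constructed sample manifest (decoded XML), not taken from the apps in the article.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.filemanager">
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application>
    <activity android:name=".Main"/>
    <receiver android:name=".Boot" android:exported="true">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
  </application>
</manifest>"""

def vet_manifest(xml_text):
    """Return (reject, findings) for one decoded manifest."""
    root = ET.fromstring(xml_text)
    perms = {p.get(NAME) for p in root.iter("uses-permission")}
    findings = []
    # Self-launch: a receiver subscribed to the boot broadcast, plus the permission to receive it.
    boot = any(a.get(NAME) == "android.intent.action.BOOT_COMPLETED"
               for r in root.iter("receiver") for a in r.iter("action"))
    if boot and "android.permission.RECEIVE_BOOT_COMPLETED" in perms:
        findings.append("starts at boot")
    # Hidden icon: no activity or alias advertises the LAUNCHER category.
    launcher = any(c.get(NAME) == "android.intent.category.LAUNCHER"
                   for tag in ("activity", "activity-alias")
                   for a in root.iter(tag) for c in a.iter("category"))
    if not launcher:
        findings.append("no launcher icon")
    data = sorted(SENSITIVE[p] for p in perms if p in SENSITIVE)
    if data:
        findings.append("can read: " + ", ".join(data))
    # Policy (assumption): reject autostart or a hidden icon when combined with sensitive data access.
    reject = bool(data) and ("starts at boot" in findings or "no launcher icon" in findings)
    return reject, findings

if __name__ == "__main__":
    print(vet_manifest(SAMPLE))
```

A manifest check only covers statically declared behavior; an icon hidden at runtime would need dynamic analysis to catch.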

In recent years, there have been several instances of Chinese hackers targeting various entities, including embassies in Europe, with advanced malware. This highlights the need for individuals and organizations alike to stay vigilant and implement robust security measures to safeguard their digital information and devices.

Other recent security threats include a new vishing attack spreading FakeCalls Android malware, Chinese malware infecting European healthcare systems via USB drives, Goldoson Android malware found in popular apps with millions of downloads, and the Chinese Sharp Panda group unleashing the SoulSearcher malware. These incidents serve as a reminder of the ever-present dangers in the digital landscape and the importance of staying informed and taking proactive measures to mitigate risks.
