Apps On Google Play With 1.5 Million Installs Caught Sending Sensitive Data To China
Security researchers have found that two file management applications on the Google Play Store send sensitive user data to malicious servers in China. These apps have been downloaded over 1.5 million times.
“Our engine detected two spyware lurking in the Google Play Store affecting up to 1.5 million users. Both apps are from the same developer, work as file managers, and contain similar malware,” said cybersecurity company Pradeo.
“They are programmed to launch without user interaction and silently exfiltrate sensitive user data to various malicious servers located in China,” it added.
Both apps stated on the Google Play website that they do not collect data; however, security researchers said that “both spyware collected highly personal information about their targets to send to multiple destinations, mostly located in China and identified as malicious”.
The stolen data includes user contact lists from the device itself and from all connected accounts, such as email and social networks; media compiled in the application (images, audio and video content); real-time user location; mobile phone country code; network service provider name; and more.
The first app, “File Recovery & Data Recovery”, had over 1 million installs, while the second, “File Manager”, had over 500,000. Both apps were uploaded by the same publisher, Wang tom.
According to researchers, developers use a number of “top behaviors” to increase a program’s popularity, such as making the software appear genuine and requiring little user involvement for the criminal activity to take place.