Two apps identified on Google Play sending sensitive data to China

Security researchers have recently discovered two malicious file management apps on Google Play. These malicious applications surreptitiously transmit sensitive data of users to multiple servers located in China. The combined number of downloads for both apps amounts to 1.5 million.

“Our engine detected two spyware hiding on the Google Play Store and affecting up to 1.5 million users. Both applications are from the same developer, pose as file management applications and feature similar malicious behaviors," said cyber security company Pradeo.

“They are programmed to launch without users’ interaction and to silently exfiltrate sensitive users’ data towards various malicious servers based in China," it added.

Both apps stated they collect no data on the Google Play website; however, the security researchers said that “both spyware collected very personal data from their targets. That can send them to a large number of destinations which are mostly located in China and identified as malicious".

The data that is stolen includes users’ contact lists from the device itself and all connected accounts such as email, social networks, and media compiled in the application: Pictures, audio and video contents, real-time user location, mobile country code, network provider name, and more.

The first app, “File Recovery & Data Recovery," had over a million installs, while File Manager had over 5,00,000. Both apps were uploaded by the same publisher, wang tom. These are posing a threat as sensitive data is transferred through them.

According to the researchers, the developers use several “sneaky behaviors" to boost the program’s popularity. For instance, generating the appearance that the software is authentic and requires minimal user involvement to participate in criminal conduct.