Malicious file management applications posing as legitimate apps have been discovered on the Google Play Store, collectively accumulating over 1.5 million downloads. Cybersecurity firm Pradeo identified two spyware apps from the same developer that exhibited similar malicious behaviours. These apps, disguised as file management tools, secretly exfiltrated sensitive user data to malicious servers based in China.
Although the apps' Google Play listings claimed that they did not collect any data, the security researchers found that they collected highly personal information from users and sent it to multiple destinations, primarily located in China and identified as malicious. The stolen data included contact lists, both from the device itself and from connected accounts such as email and social networks. Additionally, the apps gathered media content such as pictures, audio, and video, as well as real-time user location, mobile country code, network provider name, and more.
The first app, called "File Recovery & Data Recovery," had over a million installs, while the second app, "File Manager," had over 500,000 installs. Both apps were uploaded by the same publisher, identified as wang tom, the IANS report stated.
The developers employed various deceptive tactics to enhance the popularity of their programs. These tactics included making the apps appear authentic and designing them so that the malicious activity required minimal user interaction. Users were unknowingly victimized, as the apps operated silently in the background without user consent.
The discovery of these malicious apps underscores the importance of maintaining vigilance and taking precautions when downloading applications from app stores. While Google Play Store employs security measures to minimize the presence of harmful apps, some still manage to slip through the vetting process. Users are advised to review app permissions, read user reviews, and install reputable mobile security solutions to protect their devices and personal information.
Google has been notified about these malicious apps, and it is expected that they will be swiftly removed from the Play Store to prevent further harm to unsuspecting users. The incident serves as a reminder for users to exercise caution and remain aware of potential threats while using mobile applications.