Security experts have discovered two malicious file management apps on the Google Play Store, with a combined 1.5 million downloads, that transfer sensitive user data to several malicious servers situated in China.
According to the cyber security firm Pradeo, its engine found two pieces of malware hidden on the Google Play Store that could potentially harm 1.5 million users. The same developer created both programs, which pretend to be file management tools and exhibit identical malicious behaviours.
“They are programmed to launch without user interaction and to silently exfiltrate sensitive users’ data towards various malicious servers based in China,” it continued.
Although both programs claimed on the Google Play website that they do not collect any data, the security experts said that “both spyware collected very personal data from their targets, to send them to a large number of destinations, which are mostly located in China and identified as malicious.”
The stolen data includes users’ contact lists from the device itself and from any linked accounts, including email and social networks; media compiled in the program, including pictures, audio and video contents; real-time user position; mobile country code; network provider name; and more.
Over a million people have downloaded the first app, “File Recovery & Data Recovery,” while over 500,000 people have downloaded the second, “File Manager.” The same publisher, Wang Tom, uploaded both apps.
The researchers say that, in order to increase the popularity of the applications, the developers engage in a number of “sneaky behaviours,” such as giving the impression that the software is legitimate and reducing the user interaction needed for it to carry out its illegal activities.