New research has uncovered two harmful apps on the Google Play store, which have been downloaded 1.5 million times, and are capable of stealing private data, contacts and media.
It's not the first time data-harvesting apps have been found on the Play Store. The apps, called “File Manager” and “Super File Manager,” have been posing as legitimate file management applications.
The apps can launch without user interaction in order to access sensitive information and send it to various malicious servers based in China.
The Two Malicious Apps Named
Pradeo, the mobile security solutions company that discovered the security breach this week, claims that both apps feature similar malicious behaviors. The company has alerted Google, which has removed the two apps in question.
According to the report authored by Roxane Suau and published on July 6th, 2023, both were created by the same developer.
Check your device for the following apps:
- File Recovery and Data Recovery – com.spot.music.filedate – 1M+ Installs
- File Manager – com.file.box.master.gkd – 500K+ Installs
These malicious apps are designed to trap users. The hacker uses techniques to make them appear more credible and make them difficult to detect and remove.
Here are some specific examples of the techniques used:
- The hacker used mobile device emulators or install farms to inflate user numbers and improve the apps’ ranking on the store.
- The hacker modified the apps so that they launch automatically when the device starts.
- The hacker hides the apps' icons from the home screen.
These techniques are designed to make it difficult for users to detect and uninstall malicious apps.
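Because the icons are hidden, the home screen is not a reliable place to look; the package manager listing does not depend on the launcher. The script below is an added example, not part of the Pradeo report: it checks the output of `adb shell pm list packages` for the two package names listed above. The function names, the `--device` switch and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag the two package names listed in the article.
# Assumed input: output of `adb shell pm list packages`, one
# "package:<name>" entry per line, possibly with a trailing CR.

FLAGGED_PACKAGES="com.spot.music.filedate
com.file.box.master.gkd"

# Reads a package listing on stdin and prints each flagged package found.
# The whole name must match, so a package that merely starts with or
# contains a flagged name is not reported.
find_flagged() {
    tr -d '\r' | sed -n 's/^package://p' | while IFS= read -r pkg; do
        for bad in $FLAGGED_PACKAGES; do
            if [ "$pkg" = "$bad" ]; then
                printf '%s\n' "$pkg"
            fi
        done
    done
}

# Constructed sample listing (not from a real device), with CRLF endings.
sample_listing() {
    printf 'package:com.android.settings\r\n'
    printf 'package:com.file.box.master.gkd\r\n'
    printf 'package:com.file.box.master.gkd.extra\r\n'
    printf 'package:com.example.notes\r\n'
}

# Live check of an attached device (needs adb and USB debugging enabled):
#   sh check_flagged.sh --device
if [ "${1:-}" = "--device" ]; then
    found=$(adb shell pm list packages | find_flagged)
    if [ -n "$found" ]; then
        printf 'Flagged package installed: %s\n' $found
        echo 'Remove with: adb uninstall <package>'
        exit 1
    fi
    echo 'No flagged packages found.'
fi
```

Run without arguments, the script does nothing on its own; `sample_listing | find_flagged` shows the matching behaviour without a device attached.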
What Information are Malicious Apps Stealing?
Both apps falsely claimed that they don’t collect any data. According to the Pradeo report, the apps were stealing:
- Users’ contact lists from the device itself and from all connected accounts, such as email and social networks
- Media compiled in the application: Pictures, audio and video contents
- Real time user location
- Mobile country code
- Network provider name
- Network code of the SIM provider
- Operating system version number, which can be used to exploit a vulnerable system, as the Pegasus spyware did
- Device brand and model
Tips For Staying Safe Online
Although Google has now removed these spyware apps, anyone with them on their devices should delete them immediately, as they still pose a threat.
In addition to uninstalling the apps, users should also be aware of the permissions that they grant to apps when they install them. Apps that request unnecessary permissions, such as access to your location or contacts, should be viewed with suspicion. Never download apps that have no reviews but thousands of users; this is a major sign of foul play.
It is also important to use a security app on your Android device. A security app can scan your device for malware and other threats, and it can also help you to protect your privacy by showing you which apps have access to your sensitive data.
Apple’s iPhones, on the other hand, have security features built into the device’s hardware, but iPhone users are still advised to follow the above advice and to perform safety checks periodically or when they think they might be under threat.
Organizations should find solutions to automate mobile detection and response to vet applications and block any that do not comply with their security policy.