In an era where data privacy and security are of paramount importance, a recent discovery has raised eyebrows in the cybersecurity community. Two applications hosted on Google Play, with a combined download count exceeding 1.5 million, were found to be transmitting user data to servers located in China. This revelation underscores the ongoing challenges in ensuring data privacy and security in the global digital landscape.
The Discovery
The two applications, identified as “File Recovery and Data Recovery” and “File Manager,” were detected by Pradeo’s security engine. Both applications are from the same developer, pose as file management applications, and feature similar malicious behaviors. They are programmed to launch without users’ interaction, and to silently exfiltrate sensitive users’ data towards various malicious servers based in China. Pradeo alerted Google of the discovery before publishing this alert.
Breached Data: From Contacts Lists to All Media
Contrary to the applications’ profiles on the Google Play Store, which claim they do not collect any data from users’ devices, Pradeo’s behavioral analysis engine found that both spyware collect very personal data from their targets. This data is then sent to a large number of destinations, mostly located in China and identified as malicious. Stolen data include users’ contact lists, media compiled in the application, real-time user location, mobile country code, network provider name, network code of the SIM provider, operating system version number, and device brand and model. Each application performs more than a hundred transmissions of the collected data, an amount that is so large it is rarely observed.
Sneaky Behaviors Used by the Hacker to Increase Success
The hacker used several tactics to increase the success of the spyware. These include looking legitimate by faking user population numbers, requiring less user interaction by inducing the restart of the device, and preventing uninstallation by hiding the app icon from the general view. To delete them, users require going to the application list in the settings.
Advice for Users
Firstly, anyone using these applications is advised to delete them. As an individual, do not download applications that do not have any reviews while thousands of users. Read reviews when there are any, they usually reflect the applications’ true nature. Always carefully read permissions before accepting them. As an organization, sensitize collaborators on mobile threats and automate mobile detection and response to offer a secure flexibility to users, by vetting applications and preventing their launch when non-compliant with your security policy.
Conclusion
In conclusion, this incident underscores the importance of vigilance in the digital age. As users, we must be proactive in protecting our data and understanding where and how it is being used. As for app developers and platform providers, they must continue to prioritize user privacy and security, ensuring that incidents like this become the exception, not the norm.