Date: 2023-07-09

Two applications for managing files on the Google Play Store were found to be spyware, jeopardizing the privacy and security of up to 1.5 million Android users. These apps engage in deceptive behavior and secretly send sensitive user data to malicious servers in China.

What are these two spyware applications?

Pradeo, a renowned mobile security company, discovered this worrying infiltration. Its report shows that both spyware applications, i.e. File Recovery and Data Recovery (com.spot.music.filedate), with over 1 million installs, and File Manager (com.file.box.master.gkd), with over 500,000 installs, are developed by the same team. These seemingly harmless Android applications employ similar malicious tactics and launch automatically when the device is rebooted, without any user input.

Contrary to what is stated on the Google Play Store, where both spyware applications assure users that no data is being collected, Pradeo’s analytics engine has discovered that various personal information is being collected without users’ consent. The stolen data includes contact lists, media files (pictures, audio and video files), real-time location, mobile country code, network provider details, SIM provider network code, OS version, and device brand and model.

Of particular concern is the large amount of data transferred by these spyware applications. Each app makes over a hundred transmissions, which is a considerable amount for malicious activity. Once the data is collected, it is sent to multiple servers in China that are deemed malicious by security experts.

To make matters worse, the developers of these spyware apps used sneaky techniques to appear more legitimate and to make the apps difficult to uninstall. Hackers have artificially increased the number of spyware application downloads with fake installations or mobile device emulators, creating a false sense of trustworthiness. Additionally, both apps have advanced permissions that allow them to hide their icons on the home screen, making it difficult for unsuspecting users to uninstall them.

Pradeo provides safety recommendations for individuals and businesses in light of this disturbing discovery. Individuals should be wary when downloading apps, especially those that have no ratings despite claiming a large user base. It is extremely important to read and understand app permissions before accepting them, to prevent violations like this one.

Organizations should prioritize educating their employees about mobile threats and build automated mobile detection and response systems to protect against potential attacks.

This incident highlights the ongoing battle between cyber security experts and malicious actors who exploit unsuspecting users; malware “attacks” and spyware applications are constantly evolving and finding new ways to infiltrate trusted platforms like the Google Play Store. As a user, it is vital that you remain vigilant, exercise caution when downloading apps, and trust reputable sources for software.

What to do if you have them on your phone

First, if you have created an account, delete that account if possible. Then delete the applications from your phone and possibly run a scan (for example with Malwarebytes).
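Because both apps can hide their home-screen icons, the launcher is not a reliable place to look for them. The following added example (not from Pradeo or the original article) checks a device's package list for the two package IDs named above; it assumes a computer with `adb` and USB debugging enabled on the phone, and the sample package list is constructed.

```shell
#!/bin/sh
# Added example: look for the two package IDs named in the article.
FLAGGED_PACKAGES="com.spot.music.filedate com.file.box.master.gkd"

# Reads `pm list packages` output (plain or -f format) on stdin, prints each
# flagged package ID that is installed, and returns 0 if any was found.
find_flagged() {
    found=1
    # Strip CRs some adb versions emit, drop the "package:" prefix, and for
    # the -f format ("package:<apk path>=<id>") keep only the ID.
    installed=$(tr -d '\r' | sed -n 's/^package://p' | sed 's/^.*=//')
    for pkg in $FLAGGED_PACKAGES; do
        # -x (whole line) and -F (no regex) prevent matches on longer IDs
        # such as com.file.box.master.gkd.pro.
        if printf '%s\n' "$installed" | grep -qxF "$pkg"; then
            printf '%s\n' "$pkg"
            found=0
        fi
    done
    return "$found"
}

# Constructed sample input (not captured from a real device); it mixes the
# plain and -f line formats to exercise both.
SAMPLE='package:com.android.chrome
package:com.file.box.master.gkd
package:/data/app/~~Qx1==/com.spot.music.filedate-Zk2==/base.apk=com.spot.music.filedate
package:com.file.box.master.gkd.pro'

# On a real device, replace the printf with: adb shell pm list packages
if hits=$(printf '%s\n' "$SAMPLE" | find_flagged); then
    echo "Flagged packages installed:"
    echo "$hits"
    echo "Remove each one with: adb uninstall <package id>"
else
    echo "No flagged packages found."
fi
```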

It is true that having applications that make life easier in the Android ecosystem is a beautiful and very functional thing, but sometimes the applications on the Play Store manage to bypass Google’s controls.

Prevention is better than cure: here we are talking about a file manager (Google’s already exists, and there are several open-source ones on both F-Droid and the Play Store) and “data recovery” (again, same thing). Just as with Windows drivers, you must always use the official channels, never the alternative ones, except in a few cases.