Google Play Store malware installed on 1.5 million Android devices
#1
Exclamation 
Quote:Google's Play Store is the go-to store for most Android users when it comes to installing new apps and games for the operating system.

Like Google's Chrome Web Store, which is the place to install Chrome extensions, Google's Play Store has had its fair share of malicious apps and games that were offered to users.

Just recently, it became known that malicious authenticator apps were listed on the official store. Back in 2022, researchers discovered apps with malware that were downloaded 500,000 times by users, and just last month, security researchers discovered a malicious SDK in a number of apps.

Security researchers at Pradeo have discovered two spyware applications on Google Play that were downloaded more than 1.5 million times by Android users.

The applications, File Recovery & Data Recovery (com.spot.music.filedatecom.spot.music.filedate) and File Manager (com.file.box.master.gkd), disguised themselves as file management applications. Their main purpose of them was to send as much user data as possible to servers in China.

File Recovery & Data Recovery was downloaded more than 1 million times from Google Play, File Manager more than 500,000 times. Both applications listed fake Data Safety information on Google Play, claiming that they were not collecting any data.

Data Safety is mandatory information that app developers need to provide about their apps. The information that developers submit is not verified manually by Google.

Both applications had a relatively large number of downloads but no reviews. The researchers suggest that the developers of the app could have enhanced downloads artificially, for example, by using installation farms or mobile device emulators.

Pradeo researchers discovered that the two applications were busy as a bee collecting data from devices they were installed on. Data included:
  • The contact lists from the device and from connected accounts, e.g., email accounts, social networking accounts.
  • Media, such as pictures, audio or video.
  • Real-time user location data.
  • Mobile country code.
  • Network provider name.
  • Network code of the SIM provider.
  • Version of the operating system.
  • Device brand and model
The installed applications performed "more than a hundred transmissions of the collected data", which, the researchers write, is "so large it is rarely observed".

The applications in question are no longer listed on Google Play at the time of writing. Android users may want to check the list of installed programs to uninstall the apps, if they are still installed on their devices.

Pradeo notes that both applications hid their application icon on the home screen to make the uninstallation difficult. Android users have to open Settings > Apps to get a list of all installed applications and uninstallation options.

Now You: do you vet apps before you install them?
...
Continue Reading
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
GFYI [Official] Ashampoo® Photo Optimiz...
"Share feedback...damien76 — 21:21
AdGuard v4.9 for Android
AdGuard v4.9 for A...harlan4096 — 18:01
New Windows 11 Start Menu will merge pin...
Microsoft is revam...harlan4096 — 17:58
NFC carders hide behind Apple Pay and Go...
Cybercriminals are...harlan4096 — 10:01
AdGuard Browser Extension 5.0.216 (MV3 s...
AdGuard Browser Ex...harlan4096 — 09:57

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
avatar (44)wapedDow
avatar (48)oapedDow
avatar (41)Sanchowogy
avatar (45)MeighGoask
avatar (46)creatralGuelm
avatar (37)procnipsut
avatar (43)accenwibly
avatar (40)ahyvily
avatar (37)urumahiz
avatar (43)techlignub
avatar (42)Stevenmam
avatar (49)onlinbah
avatar (49)fuspeukChark
avatar (43)werriewWaiNg
avatar (37)Freemanleo
avatar (42)cdoubapKit
avatar (37)lystraPonia
avatar (30)smith8395john
avatar (50)steakelask
avatar (44)Termoplenka
avatar (42)bycoPaist
avatar (48)pieloKat
avatar (42)ilyagNeexy
avatar (50)donitascene
avatar (50)burntLaw
avatar (40)MrDoorsskibheeds
avatar (50)Toligo
avatar (45)Rodneykak
avatar (48)tradeSmode
avatar (38)vemedProkbior
avatar (37)RobertUtelt
avatar (45)JamesZic
avatar (42)Sanfordbup
avatar (37)Der.Reisende

[-]
Online Staff
There are no staff members currently online.

>