Chinese Spyware Discovered on Google Play Store

Two spyware applications masquerading as file management tools have been discovered in the Google Play Store with a total of at least 1.5 million installs.

The apps, attributed to the same developer and discovered by cybersecurity company Pradeo, exhibit similar malicious behaviors and operate without user interaction. Their main goal is to extract and covertly transfer sensitive user data to malicious servers based in China. The findings have been reported to Google.

One of the spyware applications falsely claimed in its Google Play Store profile that it does not collect user data.

“The reports from our behavioral analysis engine show that both spywares collect highly personal data from their targets to send to a large number of targets located mostly in China and identified as malicious,” explained Roxane Suau, the Pradeo researcher who uncovered the spyware.

In addition to collecting personal information from users’ devices, such as contact lists and media files (image, audio and video files), the apps transfer the stolen data to several malicious servers located mainly in China.

The volume of data transmitted by the spyware sets it apart from typical cases. Each app sends the stolen data more than a hundred times.

To maximize their success, the hackers behind the spyware employ several tactics. The applications falsely increase their credibility by artificially inflating the number of installs, a technique achieved through install farms or mobile device emulators.

In addition, the spyware uses advanced permissions to cause the device to restart, allowing it to launch and activate automatically upon reboot, and it employs techniques that make uninstalling difficult.

“An app can simply hide its icon from the general view. Both of these malware use this technique to create […] Uninstalling is more difficult. To delete them, users need to go to the list of applications in the settings,” Suau explained.

The discovery of this spyware in the Google Play Store serves as a stark reminder to users and organizations to remain vigilant, take appropriate security measures, and protect their sensitive information from falling into the wrong hands.