Two spyware applications masquerading as file management tools have been spotted on the Google Play store and have been installed a total of at least 1.5 million times.
These apps, from the same developer and discovered by cybersecurity company Pradeo, exhibit similar malicious behavior and work without user intervention. Their main goal is to covertly extract sensitive user data and send it to malicious servers based in China. The findings have been reported to Google.
One spyware application falsely claimed to not collect user data in Google Play store profiles.
“Reports from our behavioral analysis engine show that both spyware collected highly personal data from their targets and sent the data to a number of destinations, primarily located in China and identified as malicious. ,” explained Pradeo researcher Roxanne Suau, who discovered the problem. spyware.
In addition to collecting personal information such as contact lists and media files (photos, audio and video files) from the user’s device, the application sends the stolen data to multiple malicious servers, mainly located in China. I will send.
Chinese spyware details: CISA: patch bug exploited by Chinese e-commerce app
The amount of data sent by spyware differs from the typical case. Each application sends stolen data over 100 times.
To maximize their success, hackers behind spyware employ several tactics. These applications falsely increase their credibility by artificially inflating the number of installs through techniques achieved through install farms and mobile device emulators.
Additionally, spyware utilizes elevated privileges to prompt a device reboot, allowing it to automatically start and run on reboot, as well as techniques that make it difficult to uninstall.
“Applications only need to hide their icons from general view. Both of these pieces of malware use this technique to […] It makes uninstalling difficult. To remove them, the user has to go to the application list in settings, ”he explained Suau.
The discovery of this spyware in the Google Play store is a strong warning for users and organizations to stay vigilant, take appropriate security measures, and protect sensitive information from falling into the wrong hands.
