Leading mobile security company Pradeo has disclosed this dangerous intrusion. The report reveals that both spyware apps, namely File Recovery and Data Recovery (com.spot.music.filedate), with over 1 million installs, and File Manager (com.file.box.master.gkd), with over 500,000 installs, were developed by the same group. These seemingly harmless Android apps use similar malicious tactics and launch automatically when the device reboots, without user input.
Contrary to their claims on the Google Play Store, where both apps assure users that no data is collected, Pradeo's analytics engine has found that various personal information is collected without users' knowledge. The stolen data includes contact lists, media files (images, audio files and videos), real-time location, mobile country code, network provider details, SIM provider network code, operating system version, device brand and model.
What is particularly worrying is the large amount of data transferred by these spyware apps. Each app makes over a hundred transmissions, which is a large number for malicious activity. Once the data is collected, it is sent to multiple servers in China, which security experts believe to be malicious.
To make matters worse, the developers of these spyware apps use covert techniques to appear more legitimate and make them difficult to uninstall. Hackers artificially inflate the number of downloads of apps with install farms or mobile device emulators, creating a false sense of credibility. Furthermore, both apps have elevated permissions that allow them to hide their icons on the home screen, making it difficult for unsuspecting users to uninstall them.
Pradeo provides security recommendations for individuals and businesses in light of this troubling finding. Individuals should be cautious when downloading apps, especially apps that have no ratings yet claim a large user base. To prevent such violations, it is extremely important to read and understand app permissions before accepting them.
Organizations should make it a priority to educate their employees about mobile threats and install automated mobile detection and response systems to protect against potential attacks.
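The permission review recommended above can be automated across a device fleet. The following is an added example, not code from Pradeo or the original article: it flags the two package IDs named in the report and any other app whose requested permissions cover several of the behaviours described. It assumes input in the style of `aapt dump permissions` output; the permission-to-behaviour mapping, the threshold, and the `com.example.*` packages are assumptions made for illustration.

```python
import re

# Package IDs named in the Pradeo disclosure summarized above.
REPORTED = {"com.spot.music.filedate", "com.file.box.master.gkd"}
# Assumption: permissions gating the listed behaviours; the article names none.
P = "android.permission."
BEHAVIOURS = {
    "autostart on reboot": {P + "RECEIVE_BOOT_COMPLETED"},
    "contact lists": {P + "READ_CONTACTS"},
    "media files": {P + "READ_EXTERNAL_STORAGE", P + "READ_MEDIA_IMAGES"},
    "location": {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION"},
    "network access": {P + "INTERNET"},
}
LINE_RE = re.compile(r"^(package|uses-permission):\s*(?:name=)?'?([^'\s]+)'?")

def parse_inventory(text):
    """Return {package: set(permissions)} from concatenated permission dumps."""
    inventory, current = {}, None
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group(1) == "package":
            current = inventory.setdefault(m.group(2), set())
        elif m and current is not None:
            current.add(m.group(2))
    return inventory

def triage(inventory, min_behaviours=4):
    """Flag reported packages, plus apps whose permissions cover many behaviours."""
    findings = {}
    for pkg, perms in inventory.items():
        hits = sorted(b for b, gate in BEHAVIOURS.items() if perms & gate)
        if pkg in REPORTED:
            # A known-bad ID is flagged regardless of what it requests.
            findings[pkg] = ("reported", hits)
        elif len(hits) >= min_behaviours:
            findings[pkg] = ("review", hits)
    return findings

# Constructed sample input; the com.example.* packages are hypothetical.
SAMPLE = """\
package: com.file.box.master.gkd
package: com.example.cleaner
uses-permission: name='android.permission.RECEIVE_BOOT_COMPLETED'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.INTERNET'
package: com.example.notes
uses-permission: name='android.permission.INTERNET'
"""
print(triage(parse_inventory(SAMPLE)))
```

A "review" verdict only means the permission set is broad enough to support the behaviours in the report; many legitimate apps request the same combination, so it is a prompt for manual inspection rather than a detection.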
The incident highlights the ongoing battle between cyber security experts and malicious actors exploiting unsuspecting users. Malware and spyware attacks are constantly evolving and finding new ways to infiltrate trusted platforms like the Google Play Store. As a user, it is imperative to exercise caution when downloading apps and to trust reputable sources for software.