Pradeo, a prominent cybersecurity research firm, recently reported that two file management applications available on the Android platform were in fact designed to steal sensitive information.
These malicious apps, which collectively amassed over a million downloads, operated covertly by secretly transmitting harvested data to unidentified entities located in China. The two apps, named File Recovery & Data Recovery and File Manager, were developed by the same creator. The former app had approximately one million downloads, while the latter had around 500,000 downloads.
Upon investigation, Pradeo found that these apps exhibited typical characteristics of malware. They collected far more data than their intended functionality required, hid their icons from the home screen to evade easy detection and removal by users, and were not transparent about their actions and intentions.
The two apps were discovered to be transmitting an extensive volume of data to servers situated in China. The data being compromised included contact lists, connected email accounts, social network information, media and gallery items, location data, mobile country code, network provider name, network code of the SIM provider, operating system version, device brand, and model.
Furthermore, Pradeo found that these apps abused the permissions they had been granted to restart themselves automatically whenever the affected device was rebooted.
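The three traits described above can be checked statically in an app's decoded manifest. The following is an added example, not Pradeo's tooling or code from the apps themselves; the sample manifest is constructed, and the permission list and the missing-launcher check are assumptions about how such behaviour typically appears in a manifest.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
P = "android.permission."
# Assumption: permissions that map to the data categories the report lists
# (contacts, accounts, location, SIM/network details).
DATA_PERMS = {P + n for n in ("READ_CONTACTS", "GET_ACCOUNTS", "READ_PHONE_STATE",
                              "ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION")}
BOOT_PERM = P + "RECEIVE_BOOT_COMPLETED"
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"
LAUNCHER = "android.intent.category.LAUNCHER"

# Constructed sample manifest for a hypothetical file manager (not from the real apps).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.filemanager">
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <activity android:name=".MainActivity"/>
    <receiver android:name=".BootReceiver">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
  </application>
</manifest>"""

def audit_manifest(xml_text):
    """Return static findings for the three traits described in the article."""
    root = ET.fromstring(xml_text)
    perms = {e.get(A + "name") for e in root.iter("uses-permission")}
    # Receivers whose intent filter listens for the boot broadcast.
    boot_receivers = [r.get(A + "name") for r in root.iter("receiver")
                      if any(a.get(A + "name") == BOOT_ACTION for a in r.iter("action"))]
    # Static signal only: an icon can also be hidden at runtime, which the
    # manifest cannot show.
    entry_points = list(root.iter("activity")) + list(root.iter("activity-alias"))
    has_launcher = any(c.get(A + "name") == LAUNCHER
                       for e in entry_points for c in e.iter("category"))
    return {
        "data_permissions": sorted(perms & DATA_PERMS),
        "starts_on_boot": BOOT_PERM in perms and bool(boot_receivers),
        "boot_receivers": boot_receivers,
        "no_launcher_icon": not has_launcher,
    }

if __name__ == "__main__":
    for key, value in audit_manifest(SAMPLE).items():
        print(f"{key}: {value}")
```

Any single finding is common in legitimate apps; it is the combination in a file manager, which needs only storage access, that warrants a closer look.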
Fortunately, Google responded promptly to Pradeo’s findings by removing both of these malicious apps from its official app store. Google also took the opportunity to remind users of the importance of using its Play Protect features to enhance the security of their devices.
The search engine giant said in an announcement:
These apps have been removed from Google Play. Google Play Protect protects users from apps known to contain this malware on Android devices with Google Play Services, even when those apps come from other sources outside of Play.