A few Chinese-affiliated spyware apps have managed to sneak onto the Google Play Store. The malicious apps allegedly remained available in the legitimate app store, where they were installed more than 1.5 million times. Based on reports, two spyware apps are concealed within the store.
Based on reports, the spyware apps on the Google Play Store are File Recovery and Data Recovery & File Manager. A single entity developed both apps, which masquerade as file management tools and exhibit similar data-compromising capabilities.
Moreover, the app analysis noted that the developers created the apps to start autonomously, without user interaction, and transmit user data to several servers in China.
The two spyware apps could collect troves of data once a user acquires them from the app store.
According to an investigation, the spyware apps illicitly obtain troves of data, such as OS version number, network provider, device brand and model, network code of the SIM provider, country code, and real-time user location.
In addition, the apps could steal sensitive media content, like photos, videos, audio content, and contact lists, among others.
The threat actors that operated these applications used several strategies to appear authentic and not hostile. One of their tactics was to show a large user base with no user reviews.
The researchers also suspect that the attackers used mobile device emulators or install farms to artificially inflate the user numbers, which could boost the applications' ranking in the Play Store.
The attackers also minimised the need for user interaction. The apps could launch automatically upon system startup, enabling them to execute malicious activities even when users were not using them.
Cybersecurity experts state that there are multiple ways to avoid these threats. One is to avoid downloading apps that show thousands of installs but have zero reviews. Users should also read the permissions an app requests before granting it such privileges.
To upgrade their security measures, organisations should automate the detection of and response to mobile threats by evaluating apps and verifying their compliance with established security protocols.
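One way an organisation could automate part of the app evaluation described above, covering both the permission review and the launch-at-startup behaviour. This is an added example, not code from the researchers' analysis. It assumes the APK's `AndroidManifest.xml` has already been decoded to text XML; the mapping from the data categories to Android permissions, the package name `com.example.filetool` and the escalation rule are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Assumed mapping (not from the article): standard Android permissions that
# gate the kinds of data the article says were collected.
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION": "real-time location",
    "android.permission.READ_CONTACTS": "contact list",
    "android.permission.READ_EXTERNAL_STORAGE": "photos/videos/audio",
    "android.permission.READ_MEDIA_IMAGES": "photos",
    "android.permission.READ_PHONE_STATE": "SIM/network identifiers",
}
BOOT_PERM = "android.permission.RECEIVE_BOOT_COMPLETED"
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"

def triage_manifest(xml_text):
    """Return the findings a reviewer should look at for one decoded manifest."""
    root = ET.fromstring(xml_text)
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    # Receivers woken by the boot broadcast run without the user opening the app.
    boot_components = [
        r.get(ANDROID + "name")
        for r in root.iter("receiver")
        if any(a.get(ANDROID + "name") == BOOT_ACTION for a in r.iter("action"))
    ]
    data = sorted({SENSITIVE[p] for p in perms if p in SENSITIVE})
    # Autostart needs both the permission and a receiver listening for boot.
    autostart = BOOT_PERM in perms and bool(boot_components)
    return {
        "package": root.get("package"),
        "autostart": autostart,
        "boot_components": boot_components,
        "sensitive_data": data,
        # Assumed rule: escalate when the app starts itself, can read
        # personal data, and has network access to send it anywhere.
        "escalate": autostart and bool(data) and "android.permission.INTERNET" in perms,
    }

# Constructed sample manifest for a hypothetical file-manager app.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.filetool">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application><receiver android:name=".BootReceiver"><intent-filter>
    <action android:name="android.intent.action.BOOT_COMPLETED"/>
  </intent-filter></receiver></application>
</manifest>"""
```

An escalated result is a prompt for manual review, not a verdict: many legitimate apps also start at boot or read contacts.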