Two malicious file management apps found on the Google Play Store have put the privacy and security of up to 1.5 million Android users at risk. Recent discoveries by Pradeo, a leading mobile security company, reveal that File Recovery and Data Recovery (com.spot.music.filedate) with over 1 million installations, and File Manager (com.file.box.master.gkd) with over 500,000 installations, are interconnected spyware applications designed to engage in deceptive behavior and transmit sensitive user data to malicious servers based in China.

Despite their claims on the Google Play Store that no data is collected, Pradeo’s analytics engine has discovered the covert collection of personal information without your knowledge. These malicious apps steal contact lists, media files (images, audio files, and videos), real-time location, mobile country code, network provider details, SIM provider network code, operating system version, device brand, and model.

What’s truly alarming is the massive amount of data transmitted by these spyware apps. Each app sends over a hundred transmissions, posing a significant security threat to you, the user. Once your data is collected, it’s immediately sent to multiple servers in China, identified as malicious by cybersecurity experts.

To make matters worse, the developers of these spyware apps employ deceptive tactics to appear legitimate and hinder uninstallation attempts. They artificially inflate app download numbers using install farms and mobile device emulators, creating a false sense of trust. Moreover, these apps possess advanced permissions that allow them to hide their icons on your home screen, making it difficult for you to remove them..

Compounding the issue, the developers of these spyware apps have employed deceptive strategies to appear genuine and hinder uninstallation attempts. Through the use of install farms and mobile device emulators, the hackers artificially inflated app download numbers to create a false sense of trust. Additionally, both apps possess advanced permissions that allow them to conceal their icons on the home screen, thereby complicating their removal for unsuspecting users.

In response to The Hacker News report, a spokesperson for Google stated, “These apps have been removed from Google Play. Google Play Protect safeguards users against known malware-infected apps on Android devices through Google Play Services, regardless of their source.”

It’s crucial for businesses of all sizes to remain vigilant about security. Even a single staff member downloading malicious software can expose the entire company to these risks.

Protect yourself now! Double-check the apps authorized on your Google account. Visit our blog for tips on how to do that: https://blog.biztactix.com.au/how-to-check-3rd-party-apps-access-to-your-google/