Google Play Store malware installed on 1.5 million Android devices

[harlan4096]

Google's Play Store is the go-to store for most Android users when it comes to installing new apps and games for the operating system.

Like Google's Chrome Web Store, which is the place to install Chrome extensions, Google's Play Store has had its fair share of malicious apps and games that were offered to users.

Just recently, it became known that malicious authenticator apps were listed on the official store. Back in 2022, researchers discovered apps with malware that were downloaded 500,000 times by users, and just last month, security researchers discovered a malicious SDK in a number of apps.

Security researchers at Pradeo have discovered two spyware applications on Google Play that were downloaded more than 1.5 million times by Android users.

The applications, File Recovery & Data Recovery (com.spot.music.filedatecom.spot.music.filedate) and File Manager (com.file.box.master.gkd), disguised themselves as file management applications. Their main purpose of them was to send as much user data as possible to servers in China.

File Recovery & Data Recovery was downloaded more than 1 million times from Google Play, File Manager more than 500,000 times. Both applications listed fake Data Safety information on Google Play, claiming that they were not collecting any data.

Data Safety is mandatory information that app developers need to provide about their apps. The information that developers submit is not verified manually by Google.

Both applications had a relatively large number of downloads but no reviews. The researchers suggest that the developers of the app could have enhanced downloads artificially, for example, by using installation farms or mobile device emulators.

Pradeo researchers discovered that the two applications were busy as a bee collecting data from devices they were installed on. Data included:

• The contact lists from the device and from connected accounts, e.g., email accounts, social networking accounts.
  
• Media, such as pictures, audio or video.
  
• Real-time user location data.
  
• Mobile country code.
  
• Network provider name.
  
• Network code of the SIM provider.
  
• Version of the operating system.
  
• Device brand and model
  

The installed applications performed "more than a hundred transmissions of the collected data", which, the researchers write, is "so large it is rarely observed".

The applications in question are no longer listed on Google Play at the time of writing. Android users may want to check the list of installed programs to uninstall the apps, if they are still installed on their devices.

Pradeo notes that both applications hid their application icon on the home screen to make the uninstallation difficult. Android users have to open Settings > Apps to get a list of all installed applications and uninstallation options.

Now You: do you vet apps before you install them?
...

Continue Reading