Two file manager apps on the Android platform, which combined have more than one million downloads, were actually infostealers sending collected sensitive data to unknown entities in China.
Pradeo cyber security researchers discovered and reported on the apps, which are called "File Recovery and Data Recovery" and "File Manager". Both are made by the same developer, and while the former has around one million downloads, the latter has around 500,000.
Google has since removed the apps and reminded users of Play Protect’s existence:
“These apps have been removed from Google Play. Google Play Protect protects users on Google Play Services Android devices from apps containing this malware, even if those apps come from sources other than Play,” the company said in a statement.
The apps displayed classic malware behavior: they collect more data than is necessary to function properly, they hide their home screen icons so users can’t easily find and remove them, and they do not do what they do in an obvious way.
In this particular case, the data sent to a server in China included:
Users’ contact list from device memory, connected email accounts and social networks.
Images, audio and video managed or retrieved from the applications.
Real-time user location
Mobile country code
Network provider name
SIM provider’s network code
Operating system version number
Device brand and model
In addition, Pradeo found that the apps abused granted permissions to restart themselves when the endpoint rebooted.
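The two manifest-visible behaviors described above, over-collection and restart on reboot, can be checked before an app is allowed onto managed devices. The following is an added example, not code from Pradeo or from either app: it audits a decoded AndroidManifest.xml (for instance, as produced by apktool) for a file manager, and the permission-to-data mapping, the package name and the receiver name are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping (not from the Pradeo report): permissions gating the data
# categories listed above that a file manager does not need. Storage and
# media access are left out because file management legitimately uses them.
UNEXPECTED = {
    "android.permission.READ_CONTACTS": "contact list",
    "android.permission.GET_ACCOUNTS": "connected accounts",
    "android.permission.ACCESS_FINE_LOCATION": "real-time location",
    "android.permission.ACCESS_COARSE_LOCATION": "real-time location",
}
BOOT_PERMISSION = "android.permission.RECEIVE_BOOT_COMPLETED"
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"


def audit_manifest(xml_text):
    """Return sorted findings for a decoded AndroidManifest.xml string."""
    root = ET.fromstring(xml_text)
    requested = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    findings = [f"over-collection: {perm} ({what})"
                for perm, what in UNEXPECTED.items() if perm in requested]
    # A receiver for BOOT_COMPLETED relaunches the app after every reboot,
    # but Android only delivers the broadcast if the permission is held.
    for receiver in root.iter("receiver"):
        actions = {a.get(ANDROID_NS + "name") for a in receiver.iter("action")}
        if BOOT_ACTION in actions:
            state = "active" if BOOT_PERMISSION in requested else "inert"
            findings.append(
                f"boot-persistence: {receiver.get(ANDROID_NS + 'name')} [{state}]")
    return sorted(findings)

# Constructed sample manifest (hypothetical package, not either real app).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.filemanager">
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""
```

Calling `audit_manifest(SAMPLE_MANIFEST)` returns one boot-persistence finding and two over-collection findings; the storage permission is not flagged. Icon hiding happens at runtime and does not show up in a manifest audit like this one.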
Analysis: Why is it important?
Data is the “oil” of the 21st century. It is used by most companies to generate personalized offers, better understand user/customer behavior and generate new revenue streams. In recent years, as many companies began collecting user data in various, often unscrupulous ways, awareness of the importance of user privacy has grown. At the same time, legislators and law enforcement are pressuring companies to disclose more information about how they generate, store, secure, and share customer data, giving customers a better say in the matter and forcing companies to be more diligent.
Ultimately, the EU’s General Data Protection Regulation does just that.
But laws and regulations have never stopped cyber criminals. They still engage in data theft on a daily basis because it provides them with so many new attack opportunities: identity theft, wire fraud, ransomware, business email compromise and more.
Nation-states are also increasingly involved in cyber attacks, including data theft. Chinese, Iranian, North Korean and Russian hackers are notorious for their ransomware campaigns and data theft, which is often part of a wider espionage effort.
Some Western countries and diplomats, led by the Trump administration, have been accusing China of using its companies as proxies for its espionage and data theft. As a result, Huawei has been heavily scrutinized in the West and subsequently banned from developing and building 5G infrastructure.
Huawei, as well as the Chinese government, strongly denied these allegations, saying they were baseless and that they had no intention of attacking their Western counterparts in the digital world. Huawei has also asked Western auditors to review its products and services to ensure they do not contain any backdoors or data intrusion techniques.
It did not work. Most major tech companies are not active in China. For example, Google left Huawei to develop its own mobile operating system, called HarmonyOS.
What have others said about Chinese spying?
Those who have followed the cyber security industry know that China is no stranger to cybercrime and that its threat actors have been caught in the act countless times. In a February 2022 article, MIT Technology Review dug deep into Daxin, a “creepy back door” that was used for a decade in “espionage operations against governments around the world” before being caught.
The MIT authors further stated that Daxin was not a “one-off”, but another sign of China’s “decade-long quest to become a cyber superpower”.
“While Beijing’s hackers were once known for simple sabotage operations, the country is now one of the best in the world due to tight surveillance, large spending and an infrastructure strategy to feed hacking tools to the government, which is unlike anything else in the world.”
In June this year, CISA director Jen Easterly, speaking at the Aspen Institute in Washington DC, said China is a “real threat” the West must prepare for, reports CNBC. Easterly was answering a question about recent revelations of Chinese incursions into the US military and private sector infrastructure.
Easterly described China’s cyber-espionage and sabotage capabilities as an “era-defining threat” and said that in the event of open war, “aggressive cyber operations” would endanger critical US transportation infrastructure “to create social panic”.
In late May this year, Western intelligence agencies along with Microsoft warned of a Chinese state-sponsored hacking group spying on a large number of US critical infrastructure organisations.
Via: Bleeping Computer