Pradeo, a cybersecurity research firm, recently discovered and reported that two file management apps on Android, collectively amassing over a million downloads, were in fact, info stealers.
These malicious apps were surreptitiously transmitting harvested sensitive data to unidentified entities located in China. The apps in question are named File Recovery & Data Recovery and File Manager, both developed by the same creator. The former app had approximately a million downloads, while the latter had around 500,000 downloads.
The identified apps exhibited typical characteristics of malware: they gathered excessive amounts of data beyond what is necessary for their intended functionality, concealed their icons on the home screen to prevent easy detection and removal by users, and lacked clear communication regarding their actions and intentions.
The two apps were sending a massive amount of data to servers located in China. The data included contact lists, connected email accounts, social networks, media and gallery items, location, mobile country code, network provider name, network code of the SIM provider, operating system version, device brand, and model.
Additionally, Pradeo discovered that these apps misused granted permissions to automatically restart themselves when the device is rebooted.
Thankfully, Google has removed both these apps from its store and reminded users about its Play Protect features.
The search engine giant said in an announcement:
These apps have been removed from Google Play. Google Play Protect protects users from apps known to contain this malware on Android devices with Google Play Services, even when those apps come from other sources outside of Play.
