Cybersecurity researchers recently found two malicious applications on the Google Play store, installed by 1.5M users, that collect excessive data beyond what their promised features require.
The two apps, both from the same publisher, are designed to exfiltrate sensitive data and autonomously transmit it to various malicious servers based in China.
Pradeo's behavioral analysis engine identified these two spyware applications, even though their description in the Data Safety section of Google Play claims that there is “No data collection from users’ devices.”
The two malicious applications, along with their Google Play store download counts, are:
The types of data exfiltrated by these two apps are:
Most striking is that each application transmits the collected data excessively, exceeding normal behavior with more than a hundred transmissions.
Some data collection may be justified for performance and compatibility, but the apps collect unnecessary data that goes beyond the scope of file management or data recovery needs.
Stranger still, the spyware apps collect this unnecessary data secretly, without the user's permission.
To make the removal difficult, the apps hide their icons from the home screen of the affected device, and they also exploit the approved permissions to operate discreetly in the background and reboot the device.
The sneaky behaviors the threat actor uses to increase its success rate are:
The recommendations are: