Two popular Android file management apps, File Recovery & Data Recovery and File Manager, were recently discovered to be infostealers that were secretly sending sensitive data to unknown entities in China. These apps, developed by the same creator, had over a million downloads combined, with File Recovery & Data Recovery accounting for approximately one million downloads and File Manager for around 500,000 downloads.
Upon the discovery, Google promptly removed the malicious apps and issued a reminder to its users about Play Protect, a feature designed to safeguard Android devices from malware present in non-Play Store apps.
The identified apps exhibited typical malware behavior, such as extracting excessive amounts of data beyond their functional requirements, concealing their icons on the home screen to hinder detection and removal, and lacking transparency about their activities.
The data exfiltrated to a server in China included users’ contact lists, images, videos, audio files, real-time location, network information, and device details. Additionally, the apps abused permissions to automatically restart themselves after a device reboot.
Analysis: Why does it matter?
Data has become the “oil” of the 21st century, as companies leverage it to personalize offerings, gain insights into user behavior, and create new revenue streams. With the increased awareness of user privacy, companies face pressure from regulators and law enforcement agencies to be more transparent and diligent in handling customer data. The European Union’s General Data Protection Regulation (GDPR) is a prime example of such measures.
However, cybercriminals continue to engage in data theft, enabling various malicious activities such as identity theft, wire fraud, ransomware attacks, and business email compromise. Nation-states, including China, Iran, North Korea, and Russia, have also been involved in cyber espionage and data theft as part of their broader strategies.
China, in particular, has faced accusations of employing its companies for espionage and data theft purposes. Western nations have expressed concerns over Chinese cyber activities, leading to the banning of Huawei from certain markets and infrastructure development. Despite Huawei’s denial and calls for audits, skepticism remains.
What have others said about Chinese espionage?
China has been associated with cybercrime activities, and its threat actors have been caught in various incidents. MIT’s Technology Review conducted an in-depth investigation into China’s cyber espionage capabilities, highlighting its pursuit of becoming a cyber superpower. Additionally, CISA director Jen Easterly acknowledged China as a significant threat with the ability to carry out cyber-espionage and sabotage operations.
Recently, Western intelligence agencies and Microsoft issued warnings about state-sponsored Chinese hacking groups targeting critical US infrastructure organizations.
Deepak Sen is a tech enthusiast who covers the latest technological innovations, from AI to consumer gadgets. His articles provide readers with a glimpse into the ever-evolving world of technology.