
Two file management apps on the Android platform with over a million downloads combined are actually information stealers sending sensitive data they collect to unknown entities in China.
Cybersecurity researchers at Pradeo discovered and reported the apps, dubbed “File Recovery and Data Recovery” and “File Manager.” Both are developed by the same developer, and the former has about 1 million downloads, while the latter has about 500,000 downloads.
Google has since removed the apps and reminded users of Play Protect:
“These apps have been removed from Google Play,” the company said in a statement. “Google Play Protect, through Google Play Services, protects users from apps on Android devices known to contain this malware, even from other sources.”
These apps display typical malware behavior: they collect far more data than they need to function, they hide their icons on the home screen so that users cannot easily find and delete them, and they fail to clearly communicate what they are doing.
In this particular case, the data that was leaked to the Chinese server included:
- User contact list from device memory, connected email accounts and social networks
- Pictures, audio and video managed or recovered from within the app
- Real-time user location
- Mobile country code
- Internet provider name
- SIM provider’s network code
- OS version number
- Device make and model
Furthermore, Pradeo found that these applications abuse the permissions they are granted to restart themselves whenever the device is rebooted.
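The behavior described above leaves static traces an analyst can check before an app ever runs. The script below is an added illustration, not part of Pradeo's report or of the original article: it parses an Android manifest and flags permissions that a plain file manager has no functional reason to request, mapped to the categories of leaked data listed above, plus the two persistence and concealment indicators the article mentions (a BOOT_COMPLETED receiver, and a main activity with no LAUNCHER category, i.e. no home-screen icon). The permission-to-data mapping is my own reading of Android's permission model, and both manifests are constructed samples, not taken from the reported apps.

```python
"""Static triage of an Android manifest for over-privilege, boot persistence
and hidden-icon indicators.

Added example: the permission-to-data mapping below is a heuristic of mine,
not Pradeo's analysis, and the two manifests are constructed samples.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"  # attribute key for android:name

# Permissions a file manager does not need, keyed to the kind of data they
# expose (heuristic mapping, chosen to mirror the categories in the article).
SUSPICIOUS_FOR_FILE_MANAGER = {
    "android.permission.READ_CONTACTS": "contact list",
    "android.permission.GET_ACCOUNTS": "connected email/social accounts",
    "android.permission.ACCESS_FINE_LOCATION": "real-time location",
    "android.permission.ACCESS_COARSE_LOCATION": "real-time location",
    "android.permission.READ_PHONE_STATE": "SIM / network operator details",
    "android.permission.RECEIVE_BOOT_COMPLETED": "restart on device reboot",
}

# Permissions a file manager legitimately needs; never flagged.
EXPECTED_FOR_FILE_MANAGER = {
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.MANAGE_EXTERNAL_STORAGE",
    "android.permission.INTERNET",
}

# Constructed sample: over-privileged, boot receiver, MAIN activity without LAUNCHER.
CONSTRUCTED_SUSPICIOUS_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed.filemanager">
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
      </intent-filter>
    </activity>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed sample: what a benign file manager's manifest looks like.
CONSTRUCTED_CLEAN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed.cleanfiles">
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
  </application>
</manifest>"""


def triage_manifest(manifest_xml: str) -> dict:
    """Return the indicators found in a manifest as a plain dict."""
    root = ET.fromstring(manifest_xml)
    requested = {p.get(NAME) for p in root.iter("uses-permission")}
    flagged = sorted(p for p in requested if p in SUSPICIOUS_FOR_FILE_MANAGER)
    findings = {
        "over_privileged": flagged,
        "data_at_risk": sorted({SUSPICIOUS_FOR_FILE_MANAGER[p] for p in flagged}),
        "unexpected_other": sorted(
            requested - set(SUSPICIOUS_FOR_FILE_MANAGER) - EXPECTED_FOR_FILE_MANAGER),
        "boot_receiver": False,   # persistence: wakes up on BOOT_COMPLETED
        "launcher_icon": False,   # concealment: no MAIN+LAUNCHER entry point
    }
    for receiver in root.iter("receiver"):
        actions = {a.get(NAME) for a in receiver.iter("action")}
        if "android.intent.action.BOOT_COMPLETED" in actions:
            findings["boot_receiver"] = True
    # activity-alias can also carry the launcher entry, so check both.
    for tag in ("activity", "activity-alias"):
        for activity in root.iter(tag):
            for flt in activity.iter("intent-filter"):
                actions = {a.get(NAME) for a in flt.iter("action")}
                cats = {c.get(NAME) for c in flt.iter("category")}
                if ("android.intent.action.MAIN" in actions
                        and "android.intent.category.LAUNCHER" in cats):
                    findings["launcher_icon"] = True
    return findings


def is_suspicious(findings: dict) -> bool:
    """Over-privilege or a missing launcher icon is enough to warrant review."""
    return bool(findings["over_privileged"]) or not findings["launcher_icon"]


if __name__ == "__main__":
    for label, xml in (("suspicious", CONSTRUCTED_SUSPICIOUS_MANIFEST),
                       ("clean", CONSTRUCTED_CLEAN_MANIFEST)):
        result = triage_manifest(xml)
        print(f"[{label}] suspicious={is_suspicious(result)} {result}")
```

Note that this only catches the static form of icon hiding. An app can also ship a normal launcher entry and disable it at runtime, so a manifest check is a first filter, not a verdict; the same goes for the permission list, which is why a reviewer compares requested permissions against what the app's advertised purpose actually needs.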
Analysis: Why does it matter?
Data is the “oil” of the 21st century. Most companies use it to generate personalized offers, gain a deeper understanding of user/customer behavior and generate new revenue streams. Awareness of the importance of user privacy has grown over the past few years as many companies have begun collecting user data in various and often unscrupulous ways. At the same time, lawmakers and law enforcement are forcing companies to disclose more about how customer data is generated, stored, secured and shared, and to do more to protect it.
At the end of the day, that’s what the EU’s General Data Protection Regulation does.
But laws and regulations have never stopped cybercriminals. These folks still engage in data theft every day because stolen data opens up multiple new attack vectors: identity theft, wire fraud, ransomware, business email compromise, and more.
Nation-states are also involved in ongoing cyberattacks, including data theft. Chinese, Iranian, North Korean and Russian hackers are notorious for their ransomware campaigns and data theft, often as part of broader espionage operations.
Some Western countries and diplomats, led by the Trump administration, have loudly accused China of using its companies as proxies for espionage and data theft. As a result, Huawei came under heavy scrutiny in the West and was subsequently banned from developing and building 5G infrastructure.
Huawei, as well as the Chinese government, have vehemently denied the allegations, calling them baseless and saying they have no intention of attacking their Western counterparts in the digital domain. Huawei has even called on Western auditors to scrutinize its products and services to ensure they do not contain backdoors or data exfiltration techniques.
That has not worked. Most major technology companies do not operate in China. For example, Google backed out, leaving Huawei to develop its own mobile operating system, called HarmonyOS.
What do others say about Chinese espionage?
Anyone who has been following the cybersecurity industry knows that China is no stranger to cybercrime, and its threat actors have been arrested several times. In a February 2022 article, MIT Technology Review published an in-depth study of Daxin’s “invisible backdoor,” which was “used in espionage against governments around the world for a decade before it was caught.”
The MIT authors further stated that Daxin is not a “one-off,” but another sign of China’s “decade-long quest to become a cyber superpower.”
“While Beijing’s hackers were once known for simple smash-and-grab operations, the country is now at the forefront of the world thanks to a strategy of increased control, huge spending, and an infrastructure that provides hacking tools to the government unlike anything else in the world.”
In June of this year, CISA director Jen Easterly said during an appearance at the Aspen Institute in Washington, D.C., that China is a “real threat” that the West needs to prepare for, according to CNBC. Easterly was answering questions about the recently disclosed Chinese infiltration of U.S. military and private sector infrastructure.
Easterly described China’s cyber espionage and sabotage capabilities as an “epoch-making threat,” saying that in the event of war, “aggressive cyber operations” would threaten critical U.S. transportation infrastructure and “cause social panic.”
In late May of this year, Western intelligence agencies, together with Microsoft, warned that a Chinese state-backed hacking group had conducted espionage against multiple critical U.S. infrastructure organizations.