These Android apps could be sending your data to China without you knowing

Two Android apps were found in the Play Store secretly stealing data


Two file management apps on the Android platform, with more than a million downloads combined, were actually infostealers that were sending harvested sensitive data to unknown entities in China.

Cybersecurity researchers from Pradeo uncovered and reported the apps, which were called File Recovery & Data Recovery, and File Manager. Both are built by the same developer, and while the former has roughly a million downloads, the latter has around 500,000.

Since then, Google removed the apps and reminded its users of the existence of Play Protect:

“These apps have been removed from Google Play. Google Play Protect protects users from apps known to contain this malware on Android devices with Google Play Services, even when those apps come from other sources outside of Play,” the company said in its announcement.

The apps displayed classic malware behavior: they harvest more data than they need to properly function, they hide their icons from the home screen so that users can’t easily find and remove them, and they don’t communicate clearly what they’re doing.

In this particular case, the data that was being exfiltrated to a server in China includes:

Furthermore, Pradeo found the apps abusing the permissions granted to them in order to restart themselves whenever the device is rebooted.
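The three behaviours described above (over-collection of data, a hidden launcher icon, and self-restart after reboot) all leave traces in an app's manifest, which is where a reviewer or app-vetting pipeline would look first. The following is an added example, not Pradeo's tooling or anything from the article: it parses an AndroidManifest.xml and flags those three traits. The permission, action and category strings are standard Android identifiers; the package names, component names and both sample manifests are constructed for this example.

```python
"""Static review of an AndroidManifest.xml for the traits described above.

Flags three manifest-level indicators:
  * boot-persistence: a receiver for BOOT_COMPLETED plus the matching permission
  * hidden-launcher-icon: no enabled activity in the LAUNCHER category
  * excess-sensitive-permissions: personal-data permissions a file manager
    has no need for
Permission/intent names are standard Android identifiers; package names,
component names and both sample manifests are constructed for this example.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
BOOT_PERMISSION = "android.permission.RECEIVE_BOOT_COMPLETED"
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"
LAUNCHER_CATEGORY = "android.intent.category.LAUNCHER"

# Personal-data permissions that a file manager has no legitimate use for.
SENSITIVE_PERMISSIONS = {
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
    "android.permission.READ_CALL_LOG",
    "android.permission.ACCESS_FINE_LOCATION",
}

# Constructed sample: asks for boot persistence, ships its launcher activity
# disabled (so no home-screen icon) and requests contacts and location.
SUSPICIOUS_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.filerecovery.sample">
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <activity android:name=".MainActivity" android:enabled="false">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <receiver android:name=".BootReceiver" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

# Constructed sample: a plain file manager with a visible icon and no receiver.
BENIGN_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.filemanager.benign">
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
  </application>
</manifest>
"""


def _android(elem, attr):
    """Read an attribute from the android: namespace."""
    return elem.get(f"{{{ANDROID_NS}}}{attr}")


def _filter_names(component, tag):
    """Names of <action>/<category> children across a component's intent filters."""
    return {_android(n, "name")
            for f in component.findall("intent-filter")
            for n in f.findall(tag)}


def analyze_manifest(xml_text):
    """Return {'package': str, 'findings': {code: detail}} for one manifest."""
    root = ET.fromstring(xml_text.strip())
    perms = {_android(p, "name") for p in root.findall("uses-permission")}
    app = root.find("application")
    activities = app.findall("activity") if app is not None else []
    receivers = app.findall("receiver") if app is not None else []
    findings = {}

    # Self-restart after reboot needs both the receiver and the permission.
    boot = [r for r in receivers if BOOT_ACTION in _filter_names(r, "action")]
    if boot and BOOT_PERMISSION in perms:
        findings["boot-persistence"] = (
            f"{_android(boot[0], 'name')} listens for BOOT_COMPLETED")

    # No enabled LAUNCHER activity means nothing shows on the home screen.
    launchers = [a for a in activities
                 if LAUNCHER_CATEGORY in _filter_names(a, "category")]
    if not any(_android(a, "enabled") != "false" for a in launchers):
        findings["hidden-launcher-icon"] = (
            "no enabled LAUNCHER activity; app has no home-screen icon")

    excess = sorted(perms & SENSITIVE_PERMISSIONS)
    if excess:
        findings["excess-sensitive-permissions"] = ", ".join(excess)

    return {"package": root.get("package"), "findings": findings}


if __name__ == "__main__":
    for manifest in (SUSPICIOUS_MANIFEST, BENIGN_MANIFEST):
        report = analyze_manifest(manifest)
        print(report["package"], report["findings"] or "no findings")
```

A manifest check like this is a triage signal, not proof of malice: a legitimate backup tool may register for BOOT_COMPLETED, and a disabled launcher activity can be re-enabled at runtime, so each finding should be confirmed against what the app actually does on a device.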

Analysis: Why does it matter?

Data is the “oil” of the 21st century. It’s being used by most companies to generate personalized offers, get more insight into user/customer behavior, and generate new revenue streams. In the last couple of years, as many companies started harvesting user data in various, often unscrupulous ways, awareness about the importance of user privacy grew. At the same time, legislators and law enforcement pressured companies into disclosing more information on how they generate, store, safeguard, and share customer data, and forced them into being more diligent in that respect.

At the end of the day, the EU’s General Data Protection Regulation does just that.

But laws and regulations never stopped cybercriminals. They still steal data on a daily basis, because it opens up multiple avenues of attack: identity theft, wire fraud, ransomware, business email compromise, and more.

Nation-states are also engaged in constant cyberattacks, including data theft. Chinese, Iranian, North Korean, and Russian hackers are notorious for their ransomware campaigns, as well as data theft, which is often part of a wider espionage effort.

Some Western nations and diplomats, led by the Trump administration, were loud in accusing China of using its companies as proxies for its espionage and data theft efforts. As a result, Huawei was heavily scrutinized in the West, and subsequently banned from developing and building out 5G infrastructure.

Huawei, as well as the Chinese government, vehemently denied these allegations, saying they were baseless and that they have no intention of attacking their Western peers in the digital realm. Huawei has even called for Western auditors to review its products and services to ensure no backdoors or data exfiltration techniques were included.

It didn’t work. Most major tech companies don’t operate in China. Google, for example, pulled out, leaving Huawei to develop its own mobile operating system, called HarmonyOS.

What have others said about Chinese espionage?

Those who have been following the cybersecurity industry know that China is no stranger to cybercrime, and that its threat actors have been caught in the act numerous times. In a February 2022 writeup, MIT’s Technology Review delved deep into Daxin, “the stealthy back door” that was used in “espionage operations against governments around the world for a decade before it was caught.”

MIT’s authors further stated that Daxin isn’t a “one-off”, but rather another sign of China’s “decade-long quest to become a cyber superpower.”

“While Beijing’s hackers were once known for simple smash-and-grab operations, the country is now among the best in the world thanks to a strategy of tightened control, big spending, and an infrastructure for feeding hacking tools to the government that is unlike anything else in the world.”

In June this year, at an appearance at the Aspen Institute in Washington, D.C., CISA director Jen Easterly said China is a “real threat” that the West needs to be prepared for, CNBC reported. Easterly was responding to a question about the recently disclosed Chinese infiltration of U.S. military and private sector infrastructure.

Easterly described China’s cyber-espionage and sabotage capabilities as an “epoch-defining threat,” saying that in the event of open warfare “aggressive cyber operations” would threaten critical U.S. transportation infrastructure “to induce societal panic.”

In late May this year, western intelligence agencies, together with Microsoft, warned of a Chinese state-sponsored hacking group spying on a wide range of US critical infrastructure organizations.

Go deeper

If you want to learn more about staying safe online, make sure to read our in-depth guide on the best firewalls, as well as the best antivirus programs. Also, read our best data loss prevention guide, as well as what is zero trust network access.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.