(NewsNation) — Two Android apps are reportedly sending sensitive data to unknown servers in China.
Cybersecurity firm Pradeo discovered the malicious apps, which are titled “File Recovery and Data Recovery” and “File Manager.” The apps, both disguised as file management apps, have been installed more than 1.5 million times.
“They are programmed to launch without users’ interaction, and to silently exfiltrate sensitive users’ data towards various malicious servers based in China. We have alerted Google of the discovery before publishing this alert,” Pradeo wrote in a blog post.
The apps collect “very personal data from their targets, to send them to a large number of destinations which are mostly located in China and identified as malicious,” according to Pradeo.
Stolen data includes:
- Users’ contact lists from the device itself and from all connected accounts such as email and social networks
- Media compiled in the application: Pictures, audio and video contents
- Real time user location
- Mobile country code
- Network provider name
- Network code of the SIM provider
- Operating system version number, which can lead to a vulnerable system exploit like the Pegasus spyware did
- Device brand and model
Since the discovery, Google removed both apps from the Play Store.
“These apps have been removed from Google Play. Google Play Protect protects users from apps known to contain this malware on Android devices with Google Play Services, even when those apps come from other sources outside of Play,” Google said, according to a report from Tech Giant.
If you have already downloaded these apps onto your phone, the tech giant encourages you to uninstall them immediately. Open Settings and select “Apps” to see the list of applications running on your device.
Pradeo recommends:
- Do not download applications that do not have any reviews from thousands of users
- Read reviews when there are any; they usually reflect the applications’ true nature
- Always carefully read permissions before accepting them