• These Android apps could be sending your data to China without yo

    From TechnologyDaily@1337:1/100 to All on Mon Jul 10 16:30:03 2023
    These Android apps could be sending your data to China without you knowing

    Date:
    Mon, 10 Jul 2023 15:19:53 +0000

    Description:
    Two Android apps found in the Play Store, secretly stealing data and sending it to a server in China.

    FULL STORY ======================================================================

    Two file management apps on the Android platform, with more than a million downloads combined, were actually infostealers that were sending harvested sensitive data to unknown entities in China.

    Cybersecurity researchers from Pradeo uncovered and reported the apps, which were called File Recovery & Data Recovery, and File Manager. Both are built
    by the same developer, and while the former has roughly a million downloads, the latter has around 500,000.

    Since then, Google removed the apps and reminded its users of the existence
    of Play Protect:

    "These apps have been removed from Google Play. Google Play Protect protects users from apps known to contain this malware on Android devices with Google Play Services, even when those apps come from other sources outside of Play," the company said in its announcement.

    The apps displayed classic malware behavior: they harvest more data than they need to properly function, they hide their icons from the home screen so that users can't easily find and remove them, and they don't communicate clearly what they're doing.

    In this particular case, the data that was being exfiltrated to a server in China includes:

    - Users' contact list from on-device memory, connected email accounts, and social networks
    - Pictures, audio, and video that are managed or recovered from within the applications
    - Real-time user location
    - Mobile country code
    - Network provider name
    - Network code of the SIM provider
    - Operating system version number
    - Device brand and model

    Furthermore, Pradeo found the apps abusing given permissions in order to restart themselves when the endpoint is rebooted.

    Analysis: Why does it matter?

    Data is the oil of the 21st century. It's being used by most companies to generate personalized offers, get more insight into user/customer behavior, and generate new revenue streams. In the last couple of years, as many companies started harvesting user data in various, often unscrupulous ways, awareness about the importance of user privacy grew. At the same time, legislators and law enforcement pressured companies into disclosing more information on how they generate, store, safeguard, and share customer data, and forced them into being more diligent in that respect.

    At the end of the day, the EU's General Data Protection Regulation does just that.

    But laws and regulations never stopped cybercriminals. These are still engaged in data theft on a daily basis, as it allows them multiple new avenues of attack: identity theft, wire fraud, ransomware, business email compromise, and more.

    Nation-states are also engaged in constant cyberattacks, including data
    theft. Chinese, Iranian, North Korean, and Russian hackers are notorious for their ransomware campaigns, as well as data theft, which is often part of a wider espionage effort.

    Some Western nations and diplomats, led by the Trump administration, were
    loud in accusing China of using its companies as proxies for its espionage
    and data theft efforts. As a result, Huawei was heavily scrutinized in the West, and subsequently banned from developing and building out 5G infrastructure.

    Huawei, as well as the Chinese government, vehemently denied these allegations, saying they were baseless and that they have no intention of attacking their Western peers in the digital realm. Huawei has even called
    for Western auditors to review its products and services to ensure no backdoors or data exfiltration techniques were included.

    It didn't work. Most major tech companies don't operate in China. Google, for example, pulled out, leaving Huawei to develop its own mobile operating system, called HarmonyOS.

    What have others said about Chinese espionage?

    Those who have been following the cybersecurity industry know that China is no stranger to cybercrime, and that its threat actors have been caught in the act numerous times. In a February 2022 writeup, MIT's Technology Review delved deep into Daxin, the stealthy back door that was used in espionage operations against governments around the world for a decade before it was caught.

    MIT's authors further stated that Daxin isn't a one-off, but rather another sign of China's decade-long quest to become a cyber superpower.

    While Beijing's hackers were once known for simple smash-and-grab operations, the country is now among the best in the world thanks to a strategy of tightened control, big spending, and an infrastructure for feeding hacking tools to the government that is unlike anything else in the world.

    In June this year, at an appearance at the Aspen Institute in Washington, D.C., CISA director Jen Easterly said China is a real threat that the West needs to be prepared for, CNBC reported. Easterly was responding to a question about the recently disclosed Chinese infiltration of U.S. military and private sector infrastructure.

    Easterly described China's cyber-espionage and sabotage capabilities as an epoch-defining threat, saying that in the event of open warfare aggressive cyber operations would threaten critical U.S. transportation infrastructure to induce societal panic.

    In late May this year, western intelligence agencies, together with Microsoft, warned of a Chinese state-sponsored hacking group spying on a wide range of US critical infrastructure organizations.

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/these-android-apps-could-be-sending-your-data-to-china-without-you-knowing


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)