Pradeo Discovered Two Google Play Store Spyware Apps Tied to China : Risk To 1.5 Million Users

Unmasking the Threat: Spyware Applications Hiding in Plain Sight on Google Play Store

In a recent security report by Pradeo, it has been revealed that two spyware applications have been found hiding on the Google Play Store, posing a significant risk to up to 1.5 million users. These apps, which masquerade as file management applications, exhibit similar malicious behaviors and have been traced back to a common developer. Disturbingly, they are programmed to launch without any user interaction and quietly exfiltrate sensitive user data to various malicious servers based in China. Pradeo promptly alerted Google about this discovery prior to releasing the security alert.

Identifying the Spyware

The two spyware apps, named “File Recovery and Data Recovery” ( and “File Manager” (, have garnered a significant number of installations on the Google Play Store. “File Recovery and Data Recovery” has accumulated over 1 million installs, while “File Manager” has reached over 500,000 installs.

Also Read : Hummingbird: World’s First Optical Network-on-Chip Accelerator for AI Workloads adaptable to Tensorflow

Breached Data: From Contacts Lists to All Media…

Contrary to their claims on the Google Play Store, both applications state that they do not collect any user data. However, Pradeo’s analysis has shown that these claims are false and misleading. Moreover, the apps explicitly mention that even if data were collected, users would not be able to request its deletion, infringing upon data protection laws such as the GDPR.

Pradeo’s behavioral analysis engine has revealed that both spyware apps surreptitiously collect highly personal data from their targets, which is then transmitted to multiple destinations primarily located in China and identified as malicious. The stolen data includes users’ contact lists from their devices and connected accounts, such as email and social networks, as well as various media files, including pictures, audio, and videos. Additionally, the spyware apps gather real-time user location, mobile country code, network provider name, network code of the SIM provider, operating system version number (which could lead to vulnerabilities), device brand and model, and more. Each app conducts over a hundred transmissions of the collected data, an unusually high amount rarely observed in such malicious applications.

Also Read : Revolutionary Sensor Patch Enables Advanced Wound Monitoring with AI

Sneaky Behaviors Used by the Hackers to Increase Success

The hackers behind these spyware apps have employed several deceptive tactics to increase their success and evade detection. Firstly, they have managed to create an illusion of legitimacy by inflating the number of installations using methods like install farms or mobile device emulators. This strategy enhances the apps’ ranking in category lists and makes them appear more trustworthy despite lacking any user reviews. Furthermore, the spyware apps minimize the need for user interaction by leveraging advanced permissions to induce device restarts. This allows the apps to launch and execute themselves automatically upon restart, increasing their chances of compromising the target device. Additionally, both apps employ techniques to hide their icons from the general view, making it harder for users to uninstall them. To remove the apps, users must navigate to the application list in the settings.

Also Read : SEO for SXO: 15 Tips for Revolutionized Voice Search Experience Optimization Strategy

Security Recommendations

In light of these findings, Pradeo strongly advises all users who have installed these applications to delete them immediately. To prevent falling victim to similar threats, individuals are recommended to exercise caution when downloading applications without any reviews, read and assess existing user reviews, and carefully review the permissions requested by apps before accepting them.

For organizations, Pradeo emphasizes the importance of raising awareness among employees about mobile threats and implementing robust mobile detection and response measures. This includes vetting applications to ensure compliance with security policies and preventing their launch if they are found to be non-compliant.
Reference : Pradeo

Unmasking the Threat: Spyware Applications Hiding in Plain Sight on Google Play Store

Get Weekly Updates!

We don’t spam! Read our privacy policy for more info.

Unmasking the Threat: Spyware Applications Hiding in Plain Sight on Google Play Store

Get Weekly Updates!

We don’t spam! Read our privacy policy for more info.

🤞 Get Weekly Updates!

We don’t spam! Read more in our privacy policy

Share it Now on Your Channel