Mobile security firm Pradeo discovered that two file management applications on the Google Play store were sending user data to servers in China. The two apps, ‘File Recover and Data Recovery’ and ‘File Manager’, have over 1.5 million combined downloads. Both are capable of launching without user interaction and exfiltrating sensitive information.

The sensitive data includes media content, real-time location, operating system information, device information, and contact lists. This information was sent to multiple malicious servers in China. Pradeo believes the download counts of the two applications were artificially inflated. Both applications received updates at the end of June and had about 500,000 new downloads within seven days. The individuals behind the spyware likely employed install farms or mobile device emulators to boost the trustworthiness of the applications. Both apps are now removed from the Google Play store.

Read More: