Over 1.5 million Android users are at risk from two spyware-laden file management apps that secretly send user data to servers based in China. What’s worse, both apps hide from the home screen, making them harder to delete.
Spotted by mobile security company Pradeo, the malicious apps caught on the Google Play Store are named File Recovery & Data Recovery and File Manager. Posing as legitimate-looking file management applications, both claim not to collect sensitive data from the user’s Android device. However, they reportedly steal contact lists from emails and social media accounts, user location, device information, network provider name and media such as photos, video and audio.
Threat analysts state that the two apps send a large number of transmissions of stolen data to malicious servers based in China, which is “an amount that is so large it is rarely observed,” the report says. While the apps claim that no data is collected, they also state that if any information is gathered, users can’t request it be deleted. Understandably, this is shady, as the report points out that this goes against data protection laws.
File Recovery & Data Recovery and File Manager have over 1.5 million installs, with the former having 1 million and the latter gaining 500,000 users. They come from the same developer, listed as Wang Tom. To make it harder for users to delete these apps, the developer uses known malware tactics, such as forcing a restart to allow the apps to launch and execute.
The spyware-infected apps also hide themselves from the home screen, tricking users into thinking they no longer have the apps and making it difficult to delete them. Instead, users must head into app settings on their Android device to uninstall these malicious apps.
As per BleepingComputer, Google has removed both apps from the Play Store. Still, users should be cautious of any recent file management apps they have downloaded and ensure they aren’t lurking around on their devices.
What is spyware?
Spyware is a type of malicious software (malware) that sneakily obtains information on a device without the user’s knowledge and sends it to a threat actor. The stolen data can be anything from device information to personal files, photos, videos and more, which can be used to violate the user’s privacy or harm their device. This can lead to stolen passwords, banking accounts or sensitive information.
Spyware can infect devices by disguising itself as legitimate software, such as an app or email attachment, to trick users into believing what they’ve installed is harmless. It can put a user’s personal safety in danger without the user being aware that the device is infected.
Since spyware can be used to track everything a user does, including the websites visited, communications between contacts and apps used daily, it can be easy for an attacker to obtain an assortment of information about a user. This can be used to harm the user directly or can be sold on dark web markets to malicious actors looking to exploit this information.
This nasty type of malware can easily slip past the defences of a device, which is why it’s a good idea to keep an antivirus on at all times to fortify your device.
How to remove spyware on Android
The two file management apps have been taken down from the Google Play Store. However, if you’ve recently downloaded apps named File Recovery & Data Recovery and File Manager, you’ll want to get rid of them fast.
Use antivirus software to protect your device
Simply put, the best way to get rid of spyware, or any type of malicious software, is to use the best antivirus software.
There are many free spyware and malware removal apps that will dispatch malicious software on your device, but it’s a good idea to make sure these tools are trustworthy, as hackers can also disguise these apps on the Google Play Store to deploy even more malware.
Since the File Recovery & Data Recovery and File Manager apps had 1.5 million installs collectively, many Android users are at risk of still having the spyware.
If you find any signs of this spyware (or any type of malware) in an app, below are a couple of ways to safely get rid of dangerous apps on your Android device. For more ways, check out our guide on how to remove malware on Android.
Signs of malware on Android
There are telltale signs that your device is under attack, which may include your device’s browser redirecting you to different web pages and installing unwanted toolbars, extensions or plugins. Spyware is no different, so make sure you look out for these signs.
- Your device is slower than usual and crashes frequently.
- Your browser is slower than usual and crashes frequently.
- Browsing through websites takes longer.
- You need to recharge your device more often.
- Apps take longer to load.
- There’s an unknown app or software on your device you didn’t download.
Safely remove an app on Android
- On your Android, press the necessary buttons to turn off your device.
- Tap and hold the Power off icon.
- Press OK to reboot to safe mode. This will restart your device.
- Once restarted, head to Settings.
- Navigate to Apps.
- Select any suspicious apps you wish to remove.
- Tap Uninstall. Restart your device to go back to normal mode.
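Because these apps hide from the home screen, a quick way to spot candidates for review is to compare the user-installed packages with the ones that expose a launcher icon. The following is an added example, not part of the original article or Pradeo's report: it assumes you have captured the output of the two `adb` commands named in the comments from a device with USB debugging enabled, and the sample output and package names are constructed.

```python
"""Added example: list user-installed Android packages that expose no launcher icon."""

# Assumed inputs, captured on a workstation:
#   adb shell pm list packages -3
#   adb shell cmd package query-activities --brief \
#       -a android.intent.action.MAIN -c android.intent.category.LAUNCHER
# The sample text below is constructed; the package names are made up.

SAMPLE_THIRD_PARTY = """\
package:com.example.notes
package:com.example.filetool
package:org.example.keyboard
"""

SAMPLE_LAUNCHER = """\
2 activities found:
  priority=0 preferredOrder=0 match=0x108000 specificIndex=-1 isDefault=true
  com.android.settings/.Settings
  priority=0 preferredOrder=0 match=0x108000 specificIndex=-1 isDefault=true
  com.example.notes/.MainActivity
"""


def third_party_packages(pm_output: str) -> set[str]:
    """Parse 'package:<name>' lines from `pm list packages -3`."""
    prefix = "package:"
    return {
        line.strip()[len(prefix):]
        for line in pm_output.splitlines()
        if line.strip().startswith(prefix)
    }


def launcher_packages(query_output: str) -> set[str]:
    """Collect package names from '<package>/<activity>' component lines."""
    packages = set()
    for line in query_output.splitlines():
        token = line.strip()
        # Component lines have one '/', no spaces and no '=' (skips priority lines).
        if token.count("/") == 1 and " " not in token and "=" not in token:
            packages.add(token.split("/", 1)[0])
    return packages


def no_launcher_icon(pm_output: str, query_output: str) -> list[str]:
    """User-installed packages with no launcher entry: candidates for manual review."""
    return sorted(third_party_packages(pm_output) - launcher_packages(query_output))


if __name__ == "__main__":
    for name in no_launcher_icon(SAMPLE_THIRD_PARTY, SAMPLE_LAUNCHER):
        print(name)
```

A package in this list is not necessarily malicious: keyboards and background services legitimately have no icon, so treat the result as a shortlist to check in Settings > Apps before uninstalling.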
Clear cache on Android
Clearing your browser and app cache on your device will help minimize the effects of malware. Apps and browsers store your online activities, and malicious software like adware can use this to cause more harm. Clearing cache can also help clear up space on your Android, boosting the device’s performance.
- To clear app cache, head to Settings.
- Select Storage and choose Apps.
- Select an app.
- Tap Clear cache.
Many Android owners use Google Chrome as their default browser. Here’s how to clear cache in Chrome on Android.
- On your Android, open Chrome.
- Tap the three vertical dots in the upper-right corner.
- Select Settings.
- Tap Privacy and security.
- Select Clear browsing data.
- To just clear cache, uncheck Browsing history and Cookies and site data.
- Tap Clear data.