Let’s travel together.

Go delete it from your phone. It records you and sends the data to China


The topic of malicious apps in the Play Store comes up regularly. But have you ever wondered How widespread is this practice? Kaspersky Lab decided to estimate it.

Based on previous reports and information apparently obtained from Google itself, it was calculated that from January to mid-November 2023, approximately 3 million malicious applications. They were downloaded in total 600 million times. Here are the most interesting cases.

A threat that appears out of nowhere

As experts note, the main problem is evolution of methods used by criminals. In their opinion, the greatest threats include the least obvious cases that develop over time.

An application example is provided iRecorder Prowhich first hit the store in September 2021. At that time, however, she was a completely innocent dictaphone. Unexpectedly, after 11 months, it gained an update, adding remote access trojan code AhMyth.

Unfortunately, it took some time to detect the scam. This happened only in May 2023. Before over 50 thousand people were regularly recorded via the smartphone’s microphone, and the collected data was sent to a server in China.

Criminals set up dozens of developer accounts

Another case is a group of three photo editing apps: Beauty Slimming Photo Editor, Photo Effect Editor and GIF Camera Editor Pro. These tools infected the smartphone with Fleckpe malware that tricked users into paid subscriptions – says Kaspersky.

They were often deleted from the Play Store, but they were dishonest creators they have created dozens of developer accounts and the deleted instances were quickly replaced with new ones. It is estimated that over 620,000 people ultimately fell victim to this attack. people.

A sleeper agent on your phone

Yet another story involves file managers File Manager and File Recivery & Data Recovery. The programs, created by Chinese developer Wang Tom, worked without any problems for some time. Only after a few weeks they connected to a remote server to send sensitive data theresuch as contacts or location.

Simultaneously they were hiding the icon, hoping that the user will forget about their presence in the system. They could also display fake notificationinforming the user about their deletion due to an error.

If not you, they will rob advertisers

Kaspersky also lists dozens of titles that admittedly they did not rob the user directly, but they contributed to advertising fraud. This concerns a series of 43 applications detected in August 2023 generated advertising traffic with the screen off.

The group of advertising scammers also includes: countless Minecraft clones like Black Box Master Diamond, which has historically been downloaded over 10 million times. Likewise – a large set of applications that open ads in the background.


Leave A Reply