More than 1.5 million Androids users are at risk of Chinese hackers after two spyware apps were found in the Google Play Store.
Anyone with the apps File Recovery & Data Recovery and File Manager are being urged to delete them from devices manually, as they are scraping personal information.
This data includes contact lists, pictures, videos and real-time user location.
Cybersecurity firm Pradeo made the discovery and reported the malicious apps to Google – the tech giant has since removed them.
Security researchers have uncovered two spyware apps on Google Play that send user data to China – and more than 1.5 million Android owners downloaded them
Wang Tom is shown as the developer of both apps, mentioning they do not collect users’ data.
However, Pradeo found this to be false upon a deeper analysis.
Pradeo also revealed that the two apps hide their home screen icons, making finding and removing them more difficult.
The apps, updated at the end of June, also abuse the permissions the user approves during installation to restart the device and launch in the background.
And the publisher likely bloated the popularity of the apps to get more attention on Google Play, BleepingComputer reports.
Pradeo found the apps can scrape contact lists connected to email accounts, social networks and those stored on the device.
Users’ pictures, audio and video are also vulnerable, along with their location, mobile country code and network provider name.
Cybersecurity firm Pradeo made the discovery and reported the malicious apps to Google. This data being collected includes contact lists, pictures, videos and real-time user location.
Google has removed the apps from its Google Play Store, but users now need to delete the apps manually from devices
To uninstall the malicious apps, users need to open Settings and then select Apps to see the list of applications running on the device.
Earlier this month, Google warned Android users about a security threat that could steal their bank details.
The security team at ThreatFabric discovered it and is using apps uploaded to the Google Play Store to infect phones with fraudulent Anatsa banking trojan.
Once installed on a device, the money-stealing bug can steal credentials that can be used to authorize users who log into mobile banking.
Hackers can then gain control of someone’s account and access credentials, credit card details, bank balance and payment information, and transfer funds with less likelihood of the cardholder notices.
ThreatFabric explains: ‘Since transactions are initiated from the same device that targeted bank customers regularly use, it has been reported that it is very challenging for banking anti-fraud systems to detect it.’
According to security researchers at the tech company who have been tracking the activity, the bug has over 30,000 installations via this method alone.
