These Android apps steal your personal data

Will a week go by in 2022 without us discovering new malware? It's off to a bad start. Between Russian malware that listens to your conversations or steals your Facebook data and Escobar, which empties your bank account, caution has been in order lately. Today we learn of a new threat that appears to target the Muslim community.

“Give your data. Not taken back, it’s stolen!”

Google has indeed banned eleven apps from its Play Store that incorporated spyware. The spyware was tucked away in very simple apps that you could download quite easily without a second thought. The proof: all told, the compromised programs have been downloaded over 60 million times! The extent of the damage is therefore potentially enormous for users who were fooled without knowing it. Looking closely, we see that 4 of the 11 apps have one thing in common.

Here is the list of applications that contained the spyware:

  • Speed Camera Radar (>10 million downloads)
  • Al-Moazin Lite (Prayer Times) (>10 million)
  • WiFi Mouse (remote control PC) (>10 million)
  • QR & Barcode Scanner (>5 million)
  • Qibla Compass – Ramadan 2022 (>5 million)
  • Simple weather & clock widget (>1 million)
  • Handcent Next SMS-Text w/ MMS (>1 million)
  • Smart Kit 360 (>1 million)
  • Al Quran Mp3 – 50 Reciters & Translation Audio (>1 million)
  • Full Quran MP3 – 50+ Languages & Translation Audio (>1 million)
  • Audiosdroid Audio Studio DAW – Apps on Google Play (>1 million)

It goes without saying that if you have one of these programs on your smartphone, you should remove it quickly. Each one contains embedded code that collects data from your device. That code can collect different, specific information depending on the app it is in. Hackers, for example, retrieved the user's phone number, email address, device IMEI, GPS data and router SSID. It was also possible to capture everything you copy and paste. Each time this happened, the information was sent to a dedicated server.

It is disturbing to see how heavily the list of programs concentrates on the Muslim religion (prayer times, Quran audio, a compass that gives the direction of Mecca…). You could almost see in it a large-scale espionage attempt by a government that could justify it on national security grounds. But what would a government be doing here? Well, now that you mention it…

Strange and more than troubling links

The malicious code was discovered by Serge Egelman and Joel Reardon, researchers and co-founders of the organization AppCensus, which specializes in analyzing the privacy of applications and the security of their users. Even though the malware is well secured and difficult to trace, Reardon still discovered that the SDK came from a company that previously worked for the Virginia State Defense Department in the United States. The arrangement set up to hide it is also extremely elaborate. The malware is said to come from the company Measurement Systems, registered in Panama (the hide-and-seek paradise) by Vostrom Holdings, which is based in Virginia. The American company has numerous contracts with the federal government through its subsidiary Packet Forensics, which itself specializes in cyber intelligence and the defense of federal agency networks.

Questioned by the Wall Street Journal, the developers of the applications in question revealed that Measurement Systems had paid them to introduce the SDK into their creations.

Reardon warns of the danger of such software:

“A database mapping a person’s real email and phone number to their precise GPS location history is particularly frightening because it could easily be used to run a program to dig into a person’s location history simply by knowing their phone number or email, which could be used to target journalists, dissidents or political rivals.”

The engineer also says that his company warned Google of the presence of this more than intrusive code in October 2021. The date the offending applications were removed from the Play Store? March 25, 2022. We have known the Mountain View firm to be quicker to react, and we now better understand the more than 60 million infected devices.

If anyone has Snowden’s number…