Chinese Mobile Antivirus App Caught Siphoning User Data (also 30 other apps affected)

LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Google removed — and then reinstated — one of the most popular mobile antivirus apps on the Play Store after security firm Check Point discovered that the app was secretly collecting device data from users' smartphones.

The app in question is named DU Antivirus Security and was created by the DU Group, a company part of the Baidu conglomerate.

According to the app's Play Store page, between 10 and 50 million users downloaded and installed the app.

App collecting user data and passing it to another app
In a report published yesterday, Check Point researchers claim they identified suspicious activity in the app's normal mode of operation. Researchers say that when users run the DU Antivirus Security app for the first time, the app collected information such as:

Unique identifiers
Contact list
Call logs
Location information, if available
DU Antivirus then encrypted this data and sent it to a remote server located at 47.88.174.218. Initially, researchers thought this was a server under the control of a malware author, but some clever sleuthing through DNS records and adjacent subdomains revealed that domains hosted on the server were registered to a Baidu employee named Zhan Liang Liu.

The collected information was later used by another app belonging to the DU Group called "Caller ID & Call Block – DU Caller," which provides users with information about incoming phone calls.

Google removes, then reinstates a clean version of the app
Check Point alerted Google of this secret data harvesting behavior on August 21, and Google removed the app from the Play Store on August 24. The app was later reinstated on August 28 after DU Group removed the code responsible for the data collection mechanism.
Click to expand...

Daca collection mechanism found in 30 other apps
Following this initial discovery, Check Point searched other apps for the presence of this malicious code. They said they found it embedded in 30 other apps, 12 of which were also distributed through the official Google Play Store. Based on Google statistics, between 24 and 89 million users might have installed malicious apps that collected data without their knowledge.

"These apps probably implemented the code as an external library, and transmitted the stolen data to the same remote server used by DU Caller," researchers said.

This is not the first time the DU Caller app comes under scrutiny for abusive behavior. Earlier in the year, Chinese media discovered that the DU Caller app used multiple versions of privacy policies in order to trick users and collected data from devices even if the user had given consent or not.
Click to expand...
 
  • Like
Reactions: upnorth, Weebarra, Solarquest and 6 others
oneeye

oneeye

Level 4
Verified
Jul 14, 2014
174
AlNil0sbpPWSNQcg2
This is not the first, or last time that apps from Chinese developers have been caught playing fast & loose with user data. There have been way too many incidents to call these mere bugs. As a consequence, I avoid almost all apps from that region of the world.

But, to my utter dismay, HTC has been using Software Development Kits (SDKs) in many of there apps. Like products from Baidu, "Cheetah" and others. They are usually analytics, or advertising add-ons. That these are used at all gives me great pause and concern. I've been a long time fan of HTC, and if Google buys them out, perhaps I'll stay with the brand?
See this screenshot of what's in Boost+ app. Although ads are not displayed on HTC devices, I wonder just what info the
 
  • Like
Reactions: Weebarra, Venustus, Solarquest and 1 other person
oneeye

oneeye

Level 4
Verified
Jul 14, 2014
174
jogs said:
It would be good thing if there are dedicated threads which will have lists showing which apps are malicious for every kind of OS.
Click to expand...

The problem with that is, that when apps are discovered to have malware, adware, or spyware, they are removed before we ever hear about them. But, I agree, the researchers should definitely post a list every time for general information purposes at least.
 
  • Like
Reactions: ravi prakash saini, Weebarra and LASER_oneXM
E

Entreri

Level 7
Verified
May 25, 2015
342
I would not trust any Chinese software programs or products made by Chinese corporations. When corporations in China can mess up baby formula, leading to numerous deaths, nothing is sacrosanct.

Anyway, a large majority of the "free" apps have data collection. Spyware. The unfortunate part is when these companies store sensitive identifiable consumer data and don't encrypt them and get hacked.

On the PC, "free" programs, besides the regular telemetry, I wouldn't be shocked if some have keyloggers as well.
 
  • Like
Reactions: ravi prakash saini and Weebarra
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Wow
    • Like
    • Sad
Google removes Kaspersky's antivirus software from Play Store
Replies
17
Views
1,302
Kaspersky
harlan4096
harlan4096
silversurfer
    • Like
New Update The Google Play Store now lets you download or update three apps simultaneously
Replies
1
Views
200
Android & WearOS
Bot
Bot
Ashish1+1
    • Like
Technology Android apps can now block sideloading and force downloads through Google Play Store
Replies
4
Views
372
Technology News
Marko :)
Marko :)

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top