Tech Lurn
Power Of Web

Chinese Mobile Antivirus App Potentially Stealing User Data

A China-based free mobile antivirus app has been found to be secretly stealing users' private data.

Mobile threat researchers at cyber security firm Check Point say they identified suspicious activity in a China-based free mobile antivirus app called DU Antivirus Security, created by DU Group, a company that is part of the Baidu conglomerate. The app secretly collects users' personal data such as unique identifiers, contact list, call logs and geolocation without user permission.

How is this mobile antivirus app stealing users' private data?

According to the Check Point mobile threat researchers' report: “Once installed on the device, the DU Anti-Virus Security app would automatically gather the user’s sensitive information such as the unique identifiers, contact list, geolocation and personal call logs — who you’re speaking with and for how long — without users’ consent to the privacy policy, and using this private information for commercial purpose.”

The collected information is then encrypted and uploaded to a remote server located at 47.88.174.218. Initially, researchers thought that the remote server was under the control of some hackers or a malware author, but some clever sleuthing through DNS records and adjacent sub-domains revealed that domains hosted on the server were registered to a Baidu (Chinese Search Engine) employee named Zhan Liang Liu.

All collected information was later used by another app developed by the same DU group, called “DU Caller — caller ID & call block,” which provides users with information about incoming phone calls.

Cyber-security experts alert about mobile security:

Cyber-security experts at Check Point alerted Google about this secret data-harvesting app on 21st Aug. Google removed the DU mobile antivirus security app from the Play Store, and the app was later reinstated on 28th Aug after DU Group removed the malicious code responsible for the data collection mechanism.

“The mobile security app ‘DU antivirus security’ didn’t specify the data collection mechanism in its privacy policy, nor had the app acquired the user’s permission,” Google said.

Check Point says that DU Antivirus Security v3.1.5, and possibly earlier versions, included the data collection code. However, the company has not tested previous versions of the app. It is recommended that users update to the latest version of this mobile security app.

According to the app’s Play Store page, over 10 million users are running the app.

Suspicious Data Collection Mechanism found in another 30 Android apps.

With regard to mobile security, Check Point's mobile security experts also found another 30 apps containing the same malicious code responsible for the data collection mechanism. 12 of them are officially hosted on the Google Play Store. Based on Google statistics, between 24 and 89 million users might be running these malicious apps, which collect data without their knowledge.

“This malicious code was probably embedded in the external library of the apps, and sent the stolen data to the same remote server used by DU Caller,” mobile security experts said.

This is not the first time the DU Caller app has come under scrutiny for abusive behaviour. Earlier this year, Chinese media discovered that the DU Caller app used multiple versions of its privacy policy in order to trick users, and collected private data from their devices whether or not the user agreed.

List of apps that Check Point identified as featuring the malicious code responsible for the data collection mechanism:

Hosted by official Google Play Store:

[Image: Malicious Android Apps, DU Mobile AntiVirus Security]

Outside the official Google Play Store:

