Posted on September 20, 2017 at 6:16 PM
The latest antivirus malware hack puts up to 50 million Android users at risk.
A free antivirus app for Android devices was recently discovered to be stealing users’ data without their consent. This popular app on Google Play has been downloaded between 10 and 50 million times, leaving many devices vulnerable.
The app in question, “DU Antivirus Security”, was exposed by researchers from the security firm Check Point. According to experts at Check Point, users currently using the software should immediately update their devices or risk exposing their information to malicious hackers.
Check Point pointed out the irony that users downloaded the app specifically to protect and encrypt their information, yet the app did the exact opposite.
The app manages to collect personal information from users, without the user’s consent, and then uses the information for commercial and retail purposes.
Researchers from Check Point added that, in addition to collecting personal information, the DU antivirus app gathered information about your personal calls. It logged who you were calling as well as how long each call lasted.
The antivirus app is only one of the DU range of Android apps and is linked to the prominent Chinese technology company Baidu.
According to Check Point, the moment the app is launched for the first time, it immediately collects information from the device in question. This includes your contact list, call logs, location, and more.
The information is then encrypted and sent to a remote server. It is then used by another app in the DU range, called “DU Caller”.
Check Point experts immediately reported this breach of Android users’ private data to Google towards the end of August. Google removed the app three days after it received the claim.
After removal, an updated version of the app resurfaced on the Google Play store. However, devices still running an older version are still at risk. The latest version, v3.1.5, incorporates privacy-leaking code. According to Check Point, the same potentially dangerous code was found in at least 30 other apps, 12 of which are available on the Google Play store.
The 12 suspicious apps have since been removed from Google Play. Since their launch on the Google Play store, the apps have received between 24 and 89 million downloads in total.
Researchers have linked a certain domain in the scheme to the email address of a Baidu employee. Considering that all of the DU range of apps are linked to the Baidu group, this implies a connection between the stolen data and the caller app.
DU has a comprehensive range of apps, including DU Speed Booster, DU Battery Saver, and FaceMoji.
Check Point researchers advised all users who downloaded the DU Antivirus Security App, or any other existing apps in the DU range, to upgrade to the latest version that does not include the threatening code.
Antivirus apps are the perfect cover for including this code, as it is not unusual for apps of this nature to ask for extensive permissions. This way the code can operate and take data covertly while users remain unaware.
To date, there have been many cases where antivirus software was used to distribute malware.