Check Point researchers found that one of the popular antivirus apps on Google Play, DU Antivirus Security, secretly collected information about its users. According to the experts' statistics, the mobile application, created by DU Group, part of the Baidu conglomerate, was downloaded between 10 and 50 million times.
In their report, the researchers wrote that they found suspicious activity in version 3.1.5 of the application. When first launched on a new device, DU Antivirus Security collected various data, including unique IDs, the list of contacts, logs of exports, and information about the location of the device (if available). The collected information was transferred to a remote server located at 126.96.36.199. At first, analysts assumed that this server belonged to cybercriminals, but the investigation revealed that it belongs to an employee of the Chinese company Baidu.
According to Check Point experts, the data collected by the antivirus was then used in another DU Group application, called Caller ID & Call Block – DU Caller. As the name suggests, the software provides users with information about incoming calls.
On August 21, 2017, the security researchers reported their discovery to Google engineers, after which the antivirus was removed from the official application directory. Later, on August 28, 2017, a new version of DU Antivirus Security, from which the spyware functions had been removed, was uploaded to Google Play. Users are strongly encouraged to update.
Analysts at Check Point report that they checked other applications for this malicious code. It turned out that the spyware functionality is present in more than 30 other apps, 12 of which are on Google Play. According to Google's official statistics, these applications were downloaded between 24 and 89 million times in total. They also supplied data for the above-mentioned DU Caller app.