A popular antivirus for Android secretly spied on users

20 September 2017, 09:54 | Technologies

Google removed one of the most popular mobile antivirus applications from the Google Play store and then restored it. The company had to remove the DU Antivirus Security application from the DU Group (part of the Chinese conglomerate Baidu) because, according to researchers at Check Point, it secretly collected data from users' smartphones. The antivirus had been downloaded and installed between 10 million and 50 million times.

As the Check Point experts reported, when the user first launched DU Antivirus Security, the application recorded unique device identifiers, the contact list, the call log and geolocation data (if available). The data was then sent in encrypted form to a remote server with the IP address 47.88.174.218. Initially, the researchers assumed that the server was controlled by malware operators. However, a study of DNS records and adjacent subdomains showed that the domains hosted on the server are registered to a Baidu employee.

The information collected by the antivirus was then used by another application from the DU Group called Caller ID & Call Block - DU Caller, which provides users with data about incoming calls. On August 21 this year, representatives of Check Point notified Google of the antivirus's unacceptable activity, and on August 24 DU Antivirus Security was removed from Google Play. The manufacturer removed some of the code responsible for data collection from the application, and a few days later the antivirus appeared in the store again.

According to the researchers, the mechanism for collecting information is present in DU Antivirus Security v3.5 and, probably, in earlier versions (Check Point did not test earlier versions).

The experts decided to check other applications for the presence of this code as well. In total, they found it in 30 programs, 12 of which are published on Google Play. As the researchers explained, developers could have implemented the malicious code as an external library that sends the collected data to the same DU Caller remote server. Between 24 million and 89 million people could have installed the malicious applications that secretly collect user data.



