A team of anonymity, privacy, and security enthusiasts at VPNpro has recently revealed that some famous apps, owned by a Chinese company, with over 157 million installs combine on Play Store, contain remote access Trojans and dangerous permissions.

The security researchers also found that some of these highly popular apps ask for nine dangerous permissions, including users' location, the ability to read contacts, and files. They also claimed that these apps can also go through users' call logs without their consent.

Malicious Apps

apps on phone
Smartphone apps Pixabay

The recently published report includes names like VivaVideo, which is one of the popular free video editing apps for Android with around 100 million installs on the Play Store. This app asks for a wide host of dangerous permissions, including the ability to read and write files to external drives and the user's specific GPS location, which is unnecessary when it comes to video editing tools.

However, VivaVideo is developed by QuVideo Inc, a Chinese company based in Hangzhou has a history of malware. In 2017, the app was mentioned as one of 40 apps suspected of spyware.

It should be noted that the developers behind this app also create SlidePlus, which has around one million installs. This app also seeks unnecessary and privacy threatening requests. The researchers claimed that "While it may seem that QuVideo has only 3 apps on Play, we found 5 total apps within its network."

Dangerous Apps in the App Store

Malicious apps
Malicious apps VPNpro

Not only in the Play Store but in the App Store also the researchers found that QuVideo develops four apps, which are VivaVideo, SlidePlus, VivaCut, and Tempo. The last two apps are launched on Play Store under different developer names, hiding their connection to QuVideo Inc.

The researchers also found that QuVideo also owns another popular app VidStatus which has more than 50 million installs on Play Store. It is a "video status" tool for WhatsApp that seeks for dangerous permissions, including GPS location, the ability to read phone state, and read contacts. VidStatus was also identified as malware by Microsoft as it contains a Trojan known as AndroidOS/AndroRat which is capable of stealing people's bank, cryptocurrency, or PayPal funds.

It should be noted that QuVideo hides its connection with some of their apps since it has a history of malware and active trojan. So, if you have these apps installed on your phone, it will be ideal to delete them as soon as possible to ensure your privacy.