DU Antivirus Security, a security software developed by the DU group has been found to be secretly harvesting it's users data without seeking their consent.
According to a post by Check Point, the free Antivirus software which had between 10 and 50 million downloads when the discovery was made is said to collect its user's data only during the first run after the installation.
Information collected by the application from Android devices includes contact list, unique identifiers, contact list, call logs, and the potential location of the device. After gathering all the above list information, the app encrypts it and then send it to a remote server.
"While users trusted DU Antivirus Security to protect private information. it did the exact opposite. It collected the personal information of its users without permission and used that private information for commercial purposes," Check Point said on their blog.
Check Point also noted that the DU Antivirus app also logged users during calls, who they spoke with, and for how long they stayed on the phone call. Information collected are used by another app in the DU family called Caller ID & Call Block - DU Caller. The software is designed to provide users with information about incoming phone calls.
The researchers from Check Point made Google aware of the data collection practices on August 21 and the application was removed from the Google Play Store on the 24. However, the application returned to the Play Store on the 28 of August after its developers removed the malicious script from the application.
Versions of DU Antivirus Security that has the malicious code includes v3.1.5 and all version that came before it. The same data collecting code was also found in 30 other applications including 12 programs distributed through Google Play. These apps also transmitted the stolen data to the same remote server used by DU Caller. Though those apps have been removed from the Play Store, an estimated 24 to 89 million Android users are thought to suffer from the illicit data collection.
Check Point explained that Antivirus applications are easy to deceive since they have tangible reasons to demand user data so as to be used in the security check.
"Since anti-virus apps have a legitimate reason to request unusually extensive permissions, they are the perfect cover for fraudsters looking to abuse these permissions. In some cases, mobile anit-virus apps are even used as a decoy for delivering malware. Users should be aware of these suspicious anit-virus solutions, and use only threat protection from reputable vendors that are proven to be capable of safeguarding mobile devices and data stored in them," Check Point said.
DU Antivirus users are advised to upgrade to the latest version of DU Antivirus.