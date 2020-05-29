QuVideo, developer of applications like Vivavideo (video editing application very popular in both iOS and Android), contains a Trojan known as AndroidOS / AndroRat, capable of stealing data related to bank accounts, cryptocurrencies and PayPal according to a report from VPNpro. Similarly, Virustotal corroborates this information by marking the Trojan.

QuVideo has more than 50 million installations, asking Android for enough permissions little related to its video editor functions, such as GPS permissions, reading contacts, phone status, user call log and even read and write permissions on the system.

QuVideo and Vivavideo in the spotlight

QuVideo has already been removed from Android, but Vivavideo is still standing, so we can see all the requested permissions.

VPNpro has reported a Trojan found in the QuVideo app for Android. This application managed to exceed 50 million downloads and the problem has been located through Virustotal. Apart from the Trojan, QuVideo has highlighted the abusive permissions that the application has (the same as Vivavideo), such as GPS, calls, reading and writing and others. The application has already been removed from the Play Store, although not from the App Store.

Although the application is also present on iOS, Apple’s permission system is more restrictiveTherefore, this application has not been detected as a possible threat. From VPNpro they put more context about the QuVideo and Vivavideo applications, highlighting that already in 2017 QuVideo was detected as Spyware.

Although QuVideo has been removed, Vivavideo is still in the Play Store and applications with practically identical code as well, although they are not signed by the same developer

Given these detections, VPNpro indicates that three other dangerous applications have been published: VidStatus, Vivacut and Tempo on the Play Store, with the same API key inside and identical URL structures to those of QuVideo. However, these applications have been published under different developer accounts, so it cannot be claimed that they belong to the developer of Vivavideo.

Among these apps 150 million downloads are exceeded, although only QuVideo has been identified with a Trojan. However, from VPNpro they warn about the use of these applications that ask for such a number of permissions being only video editors.

Track | VPNpro

