Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecuritySecurity NewswireCybersecurity News

VivaVideo, “Spyware” App Maker, Contains Remote Access Trojan and Requests Dangerous App Permissions

SEC0520-cyber-Feat-slide1_900px
May 29, 2020

A new report focuses on how VivaVideo, one of the biggest free video editing apps for Android, with at east 100 million installs on the Play store, is a Chinese "spyware" app. The app asks for a wide host of dangerous permissions, including the ability to read and write files to external drives, plus the user’s specific GPS location (which is definitely not needed for a video editing app), claims VPNpro. 

According to VPNpro, VivaVideo has a history of malware. In 2017, it was mentioned as one of 40 apps suspected of spyware in a country-wide advisory for all Indian military and paramilitary troops, with a recommendation to delete the apps immediately. The app in question is developed by QuVideo Inc., a Chinese company based in Hangzhou, which also creates SlidePlus (1M installs), with similarly unnecessary dangerous permissions, plus a paid version of VivaVideo. In addition, VPNpro found 5 total apps within its network.

On Apple’s App Store, VPNpro noticed that QuVideo actually develops 4 apps – VivaVideo and SlidePlus, in addition to the apps VivaCut and Tempo. These last two apps are published on Play under different developer names, hiding their connection to QuVideo Inc., notss VPNpro. 

Beyond that, VPNpro discovered that QuVideo also owns the popular Indian app VidStatus, which has more than 50 million installs on Play. VidStatus, which is a “video status” tool for WhatsApp, asks for 9 dangerous permissions, including GPS, the ability to read phone state, read contacts, and even go through a user’s call log, notes VPNpro. The app was also identified as malware by Microsoft, containing a Trojan known as AndroidOS/AndroRat. These kinds of trojans can steal people’s bank, cryptocurrency or PayPal funds, claims VPNpro, and QuVideo does not officially claim VidStatus, VivaCut or Tempo on the Play store. A major Indian social video app related to WhatsApp, known as ShareChat, has three suspicious connections to QuVideo, including having the same API key within the app file (APK), similar homepages and URL structures.

Because of this history of malware and active trojan, and that QuVideo hides its connection with some of their apps, VPNpro recommends users practice caution with any of these apps. In general, if users find that these QuVideo apps provide no real benefit, VPNpro recommend deleting them from their phones as soon as possible. 

Hank Schless, Senior Manager, Security Solutions at Lookout, notes that many permissions requested by apps, such as access to location data or local files, could violate some privacy regulations, and do conflict with internal and external for many businesses. "Organizations should have a way to understand the permissions being requested by apps across their mobile fleet and blacklist apps that ask for certain permissions. For example, a healthcare organization that allows employees to use tablets to access patient data should also block any apps that request access to the device’s address book in case that could violate HIPAA," says Schless.

"A big problem is that people don’t often review app permissions before sharing personal data with an app developer," adds Schless. "For both consumer and business use, there should be mobile security on that device that provides a singular view of apps that have access to personal data.”

For more information and detailed findings, please visit https://vpnpro.com/blog/chinese-app-maker-requests-dangerous-app-permissions/

KEYWORDS: China spies cyber security malware remote access

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cybersecurity
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Technologies & Solutions
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • cyber_lock

    Remote Access Trojan Was a Major Threat in 2019

    See More
  • Encryption Future - Security Magazine

    Facebook Refuses to Give Law Enforcement Access to Its Messaging App, WhatsApp

    See More
  • dataprivacy

    Researchers find security vulnerabilities in sharing app SHAREit

    See More

Events

View AllSubmit An Event
  • March 6, 2025

    Why Mobile Device Response is Key to Managing Data Risk

    ON DEMAND: Most organizations and their associating operations have the response and investigation of computers, cloud resources, and other endpoint technologies under lock and key. 
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing