Dune Game App Downloaded By Millions Of Users Leaks Sensitive Data

Security researchers from Pradeo (cybersecurity company) have recognized that the popular spin app on Play Store is sending different apps data on an Android device to a server which is located in China and is making quite a few unfavorable duties than what it is meant to do.

According to their searches, the application named Dune is affected by a lot of OWASP flaws and is uniformly leaking sensitive data. It is also declared that the app can help the execution of denial of service (DoS) attacks and can also do data corruption. This application can send important secret data containing the country code, device manufacturer, server provider, device’s commercial name, sort of telephone network, battery level, device model number and operating system.

It was reported that the taken data is transferred to 32 servers and due to the residence of 11 OWASP flaws including those that provide permission to other apps for avoiding security access, it is reasonable for third parties to collect sensitive data.

The researchers wrote in their official blog post that the application has 20 libraries, which is an over the normal number, and these libraries connect the device to unknown servers and do data leakage.

Related posts

ANY.RUN Discovers Tricky Phishing Attack Using Fake CAPTCHA

Kia Dealer Portal Vulnerability Risked Millions of Cars

Latest Octo Malware Variant Mimics Popular Apps Like NordVPN, Chrome