Multiple apps remove data in the same way, all from Chinese devs Also, the researcher did not have a chance to look closer into this, but from his experience with analyzing APT malware, this looks like a valid theory. It is important to note that the three apps analyzed by Privacy_1st did not exhibit data exfiltration behavior every time they launched. Observing the behavior of the apps, the researcher noticed that they received at runtime a JSON file with different codes, which suggests that the apps retrieve commands from the mother ship for data exfiltration. The final destination for the information was the domain, the researcher told us, the same as the Open Any Files app. The researcher says that the serial number and the version of the operating system were among the exfiltrated details. They collected browser history and data from the device that could be used for identification. Privacy_1st looked into the three apps from Trend Micro and saw that they had hardcoded strings for exfiltrating user information. IOS developer and 9to5Mac writer Guilherme Rambo found that Trend Micro's Dr.