Security researchers have uncovered a malicious app that secretly signs users up for premium content without their knowledge.
The app has been downloaded tens of millions of times by Android users, despite being removed from the Google Play Store back in June 2019.
It’s called ‘a.i type’ and is a keyboard app that lets you customise the on-screen keyboard of Android phones like those made by Samsung, Motorola or Huawei.
However, in the background it is signing up – and paying for – various premium services that the user may not even be aware of. That’s the message from Secure-D, a team of security specialists from Upstream Systems. They found a huge amount of suspicious mobile transactions and traced it back to the app.
‘Ai.type’s popularity and useful features have been used to disguise systematic and worrying activity,’ the team explained in a comprehensive report.
‘This happens in the background without the user being aware and includes fake ad views and attempted digital purchases. While the activity is partly targeted at advertisers, it affects users in the following ways:
‘Subscribes users to premium services depleting their mobile data and adding charges that eat into their pre-paid airtime. In many emerging markets, using pre-paid airtime is the only way to pay for digital services.
‘Reduces battery life, even when the device is not in use, due to the unseen background activity. May overheat the device and affect its overall performance.’
Naturally, the advice is to delete this app if you’ve got it installed on your phone. But the team concluded it was part of a larger problem of mobile ad fraud run through freely available apps.
‘To avoid falling victim to data theft and unwanted purchases or subscriptions, Android users should immediately check their phones to see if they have any suspicious app installed,’ the authors wrote.
‘In most cases, Google Play is a safer source of Android apps – but even apps from legitimate sources can be compromised. Before any installation, users should check the app’s reviews, developer details, and list of requested permissions, making sure that they all relate to the app’s stated purpose.’
Source: Read Full Article