The other day we told you about malware that keeps reinstalling itself on Android phones even after a factory reset. Today, we have a story about a typing app once found in the Google Play Store called ai.type. Installed over 40 million times, the app has been making purchases of premium digital content without permission from the phone’s owner. Besides making these purchases, the app runs ads in the background and produces fake clicks to help bad actors generate revenue. It also sends to ad networks data containing real views, real clicks and real purchases. Security firm Upstream notes that the app has caused problems in 13 countries with those in Egypt and Brazil particularly vulnerable.
This app sent out verifying texts confirming subscriptions to premium content without the knowledge of the victim
Explaining how this app is a threat to phone owners, Dimitris Maniatis, the head of Secure-D at Upstream, states that “ai.type contains software development kits (SDKs) with hardcoded links to ads and subscribes users to premium services without their consent. These SDKs navigate to the ads via a series of redirections and automatically perform clicks to trigger the subscriptions.” Maniatis explains why users might not even notice that something is wrong by pointing out that “this is committed in the background so that normal users will not realize it is taking place. In addition, the SDKs obfuscate the relevant links and download additional code from external sources to complicate detection even from sophisticated analysis techniques. Bottom line: innocent users are paying for these hidden, unauthorized purchases and related data consumption whose source is buried in the app.”
According to Upstream CEO Guy Krief, mobile advertising fraud is a $40 billion a year market. In any given region, he says that one in ten devices can be infected. Krief also points out that these apps are hard to spot and because they “(dress) up to appear as legitimate and often popular applications, undetected malware damages the industry’s reputation, leaving mobile operators and their customers to pick up the tab.” With that in mind, ai.type has disguised itself as other apps including Soundcloud.