Malware infects 1.69m Android devices in SA

By Staff Writer, ITWeb
Johannesburg, 29 Apr 2020

Some 1.69 million Android devices were infected with malware in South Africa last year.

This was revealed by mobile security company Upstream in its ‘Mobile Ad Fraud 2019 Report: The Invisible Threat’, which is based on data sourced from deployments of its Secure-D solution.

Secure-D is a carrier-grade platform that combines machine learning algorithms with payment processing workflows to protect mobile operators and their subscribers against online transaction fraud and data theft as a result of malware and other online threats.

Upstream works with several operators in SA to protect consumers and businesses from fraud of this nature. Secure-D monitors app activity and blocks suspicious transactions. 

Malware lurks unseen within many popular apps, committing background fraud that targets advertisers, operators and consumers, the company says. The blocked transactions came from over 18 000 different applications.

It checked more than 50 million Android transactions in South Africa in 2019, identifying and blocking 86% of them as fraudulent.

Rogue apps appear to behave normally on a smartphone’s screen. In the background, however, they furtively click on links and adverts, sign users up to subscription services and consume huge amounts of data from prepaid contracts. In this way, advertisers pay app developers for false clicks, and these apps are used to steal personal data about the smartphone user without any noticeable indication that something is amiss.

Malefactors understand that smartphone users often watch and share videos, and they hide malicious activity in video apps. Last year, SA’s greatest offenders were all video apps.

The first, VidMate, had 15 million blocked transactions. This app was downloaded globally more than 500 million times. The app lets users download videos and songs from popular social media sites and entertainment services, so they can watch content offline. However, in the background, a hidden component generates fake clicks and purchases and downloads other suspicious apps without the user’s knowledge. It has been removed from Google Play.

The Snaptube video app infected 4.4 million handsets and generated more than 70 million fraudulent transactions, with 2 million of those transactions originating in South Africa. Despite being exposed, it is still available on third-party Android app stores.

Finally, the popular video editing app Vivavideo had 560 000 blocked transactions, and has been downloaded more than 100 million times globally. Secure-D blocked more than half a million fraudulent transactions in SA alone.

According to the company, the Android OS is a target because the system is easier to work with and there is a slew of unofficial places from which apps can be downloaded.

Moreover, in regions like SA, a significant proportion of consumers use prepaid mobile phones as their main method to access the Web. These users also often use their airtime credit to buy digital services, enabling fraudsters to subscribe users to premium services without their knowledge, Upstream concludes.