The total number of mobile applications identified as malicious in Q1 2020 has doubled compared to Q1 2019.
The first quarter also saw a 55% spike in the number of fraudulent mobile transactions and an increase in the number of malware-infected mobile devices.
This is according to a new report released by Secure-D, Upstream’s full-stack anti-fraud platform, that covered 31 mobile operators in 20 countries at the beginning of 2020.
In Q1 the security platform detected over 29 000 malicious apps versus just over 14 500 during the same period last year.
Concerningly, the data shows that nine of the top 10 malicious apps in the first quarter of 2020 are, or were at some stage, available on Google Play, meaning they have slipped through security nets.
Six of the top 10 malicious apps fall under the vague description of ‘leisure apps" and include apps such as video players and editors, news and magazines, games and social apps.
Geoffrey Cleaves, head of Secure-D at Upstream, says: “With the majority of the world having shifted indoors, there were some darker forces acting to make a profit from the lockdown situation. At Secure-D, we've seen a sharp increase in bad actors publishing leisure apps on the Google Play Store, which trick users into subscribing for premium services.”
He says fraudsters tend to target Android handsets because the operating system is easier to work with, with a host of unofficial places to download apps from. In markets such as Brazil, a large percentage of users use prepaid credit to purchase digital services, enabling bad actors to subscribe users to services without their knowledge.
Snaptube, a video downloader app, has proved the most troublesome app to date this year. It has been downloaded more than 40 million times worldwide. Last year, the Secure-D platform logged 70 million fraudulent transactions through the same app, with more than half of them in Brazil. Despite being reported by Upstream in October last year, the app is still available through many third-party app stores.
“The Secure-D platform has blocked more than 32 million fraudulent transactions relating to Snaptube so far in 2020,” says Cleaves.
Fraudulent transactions
In addition, during Q1 2020 Upstream’s security platform processed over 326 million mobile transactions and blocked almost 290 million, having identified 89% of total transactions as fraudulent.
The data highlights a significant rise in the number of global transactions blocked as fraudulent, up 55% from the previous year when 186 million were blocked out of the 208 million transactions processed.
In terms of infected devices, Secure-D saw a rise of 7% compared to last year’s first quarter. In Q1 2020 11.2 million malware-infected devices were detected, compared to 10.5 million the year before.
“It is unknown at this stage how the COVID-19 pandemic will shape 2020 figures, but the impact is likely to be significant,” says Cleaves.