As the world grapples through the Coronavirus pandemic, there is another silent enemy that is lurking on your Android smartphone disguised in a mobile game or a junk cleaner. Despite everything that Google has done to strengthen security measures on Android, malicious apps continue to challenge the brilliant minds at the Googleplex, California. In a recent report by mobile technology company Upstream, the number of malicious mobile applications rose to over 29,000 in the first quarter of 2020 alone.
According to Upstream's Secure-D, a full-stack anti-fraud platform, there is a 55 percent spike in the number of fraudulent mobile transactions on android phones, putting millions of android users at risk. Such apps could steal your data in the background without your permission or can enable mobile transactions without your consent.
More worrisome, 90 percent of the apps are still available on Google Play store while others are available on third-party apps stores. It means that such apps, despite malicious scripts similar to malware, passed Google's security checks without ringing any bells. Although Google was adamant in cleaning the Play Store through their App Defense Alliance, which automatically launches the malware detection, 11 Million Android devices still got infected with some form of malware, the study, which covered 31 mobile operators in 20 countries, found.
Secure-D, processed over 326 Million mobile data transactions and blocked almost 290 Million (89 percent) of them on the grounds of fraudulent activities. According to the data, such activities in Indonesia, Brazil and Thailand increased dramatically.
Lockdown bolstered usage of such apps
With most of the countries under lockdown since February, usage of such apps increased by many folds and fraudsters targeted such users. The apps, which mostly fall under 'leisure apps' category, enabled people under lockdown to spend time. Video editors, players, news magazines, social apps, games are some of the examples.
"With the majority of the world having shifted indoors, there were some darker forces acting to make a profit from the lockdown situation. At Secure-D, we've seen a sharp increase in bad actors publishing 'leisure' apps on the Google Play Store, which trick users into subscribing for premium services," Geoffrey Cleaves, Head of Secure-D at Upstream, said.
China's Snaptude, One of The Usual Suspects
One of the most popular apps, Snaptube is one such example of malicious intent. The app, which lets you download videos from Facebook and YouTube, is not available on Play store. But its availability on the third-party app stores meant, it sneaked into the phones and defrauded customers with premium calls and texts, unknown to the users, worth $100 Million.
The app, which is developed by China's Mobiuspace was red-flagged last year for suspicious activities by Upstream. As many as 70 Million fraudulent transactions took place through the app in 2019. When caught last year, Snaptube blamed it on the collaboration with Mango SDK.
It promised to take action and file a lawsuit against Mango SDK and collaborate with security firms like Upstream to maintain the integrity of the app. Snaptube also released an update for the app to stop ad fraud and malicious activities. Although the number of such fraudulent activities dropped, it still managed to top Upstream's chart in the first quarter of 2020.
"Being in lockdown means prepaid customers will find it difficult to get out the front door to top up their data bundles," Cleaves said. "In the meantime, malware could be eating into those data bundles. I suspect we may see a drop in mobile internet traffic, and successful billing attempts, in predominantly prepaid developing markets while lockdowns are in force."