Security researchers have issued warning for Ai.type, an Android third-party keyboard app, that’s been found stealthily signing up users for millions of unauthorized purchases of premium digital content.
The findings — disclosed by mobile tech company Upstream — reveal the app was downloaded over 40 million times. Troublingly, it’s active on million of devices to this date, despite being removed from the Google Play Store in June.
In addition, Ai.type delivers invisible ads and generates phony clicks, while requiring extensive permissions to use the app — including access to text messages, photos, videos, contacts, and on-device storage.
“Ai.type carries out some of its activity hiding under other identities, including disguising itself to spoof popular apps such as Soundcloud. The app‘s tricks have also included a spike in suspicious activity once removed from the Google Play store,” the researchers said.
In all, Upstream detected 14 million suspicious transaction requests from 110,000 unique devices that downloaded the Ai.type keyboard, leading the company to block the attempts.
If these transactions had not been detected and blocked, the app could have potentially costed victims a collective $18 million in unwanted charges, the researchers said.
Although the suspicious activity was recorded from as many as 13 countries, the rates were significantly higher in Egypt and Brazil.
The fact that an Android app removed from Google Play continues to be a source of adware points to the growing challenges associated with containing malware-infested apps on third-party Android marketplaces. It’s worth pointing out that the app is still available on Apple’s App Store.
Over the past several months, the official app stores for iOS and Android have been found to harbor several apps that commit ad fraud.
For its part, Ai.type suffered from a security incident of its own after the personal data of over 31 million users was leaked online in 2017. What’s more, it was caught sending its users’ keystroke data to its servers in plaintext back in 2011.
As always, the same rules of security hygiene apply: stick to the Play Store for downloading apps and avoid sideloading from other sources, and most importantly, scrutinize every permission an app requires before installation.
Android - Android - Google News
November 04, 2019 at 10:12AM
https://ift.tt/2oNlOW8
Sketchy Android keyboard app with 40M downloads makes money off unauthorized purchases - The Next Web
Android - Android - Google News
https://ift.tt/2qfx6Td
Shoes Man Tutorial
Pos News Update
Meme Update
Korean Entertainment News
Japan News Update
No comments:
Post a Comment