Technology provider Upstream has revealed how their platform, Secure-D, discovered Alcatel smartphones were being sold with a suspicious weather forecast app pre-installed, as well as being available for other mobile users to download in the Google Play store.
Secure-D detected suspicious activity initiated by an Android application named “Weather Forecast – World Weather Accurate Radar” in Brazil and Malaysia. This application was later found pre-installed on Pixi 4 and A3 Max devices from Alcatel, a brand owned by Nokia. The devices are manufactured under licence by Chinese electronics company TCL Corporation, a manufacturer of Alcatel and Blackberry branded mobile phones.
The application, which has since been removed, was also available on Google Play, with more than 10 million downloads, including those in the UK, USA and France. It claimed to provide “accurate forecasts and timely local weather alerts”. Despite user complaints, which were seemingly pushed down the ‘ratings and reviews’ section, the app had a 4.4 star rating.
When infected devices were tested by Secure-D, the app was found to collect and transfer users’ personal information to servers in China, including the user’s device ID, their email and location. Furthermore, it was found to behave like a typical malicious app that attempts ad fraud by loading pages with ads and clicking on them, as well as triggering subscriptions to premium services without user consent.
This activity, invisible to the users, was consuming up to 250MB of their data daily, which had a particularly adverse impact on consumers in emerging markets, where the cost of data is extremely high. For example, in Brazil 1GB costs the equivalent of 6 hours of work on minimum wage (vs. 30 minutes in Germany).
Guy Krief, CEO of Upstream, commented:
“The combined growth of smartphone penetration and mobile advertising is providing the ideal set-up to perpetrate ad fraud, mainly with mobile malware. This year only, an estimated $19 billion will be stolen through ad fraud, which can become payment fraud in emerging markets, affecting not only brands but also consumers’ wallet and privacy.”
Secure-D has detected and blocked over 3 million fraudulent transaction attempts generated by the “Weather Forecast – World Weather Accurate Radar” app across 7 markets. Had they not been blocked, these transactions would have translated into $1.5m in fraudulent charges to users’ airtime in Brazil, Malaysia, Nigeria, South Africa, Egypt, Kuwait and Tunisia.
The application ranked among the top 5 weather apps in 30 countries, including the US, UK and France. It was the sixth most popular weather app in the UK and Canada, and ranked among the 20 most popular weather apps in the US in 2017.
For the full report on the investigation please visit: