Researchers at mobile tech company Upstream recently detected that popular Android keyboard app ai.type had been used to distribute ads and fake clicks.
The keyboard emoji app has been downloaded 40 million times from the Google Play store and whilst it seems like a great freemium app for users, ai.type carries out hidden activities and spoofing under other apps.
Upstream’s Secure-D mobile security platform blocked over 14 million suspicious transaction requests coming from 110,000 unique devices. These transactions could have cost users up to $18 million in unwanted premium digital service charges.
Although malicious activity was recorded in 13 countries it was highest in Egypt and Brazil.
Google deleted the app from its Play Store back in June 2019, but millions of Android devices continue to use it.
“Malware can be responsible for creating millions of dollars of fraudulent mobile advertising revenue. It seriously impacts consumers’ pockets and mobile service experience by eating up their data, incurring unwanted charges, and affecting the performance of their phones,” said Guy Krief, CEO of Upstream.
“The mobile advertising fraud market is worth some $40bn annually. In any given market one in ten devices are infected with malware. Dressing up to appear as legitimate and often popular applications, undetected malware damages the industry’s reputation, leaving mobile operators and their customers to pick up the tab.”
Upstream advises that users who have installed ai.type delete the app and monitor their devices for suspicious activity. They should check their phone bills for unwanted charges.
“Ai.type contains software development kits (SDKs) with hardcoded links to ads and subscribes users to premium services without their consent,” explained Dimitris Maniati, head of Secure-D at Upstream.
“These SDKs navigate to the ads via a series of redirections and automatically perform clicks to trigger the subscriptions. This is committed in the background so that normal users will not realize it is taking place. In addition, the SDKs obfuscate the relevant links and download additional code from external sources to complicate detection even from sophisticated analysis techniques. Bottom line: innocent users are paying for these hidden, unauthorized purchases and related data consumption whose source is buried in the app.”
Ai.type has previously made headlines for leaking data from over 31 million users.