VidMate, a popular video Android app with more than 500 million downloads, appears to be producing suspicious background activity, according to findings by Secure-D.
The Upstream security lab recently uncovered that the app contains hidden components within its ads that generate fake clicks and purchases. Installs of other suspicious apps without user consent was also detected.
Secure-D reports that it detected and blocked more than 128 million suspicious mobile transactions from VidMate coming from over 4.8 million unique mobile device IDs in 15 countries.
The numbers reveal the scale of the fraud scheme with unblocked usage potentially culminating in costs of $170 million.
Guy Krief, CEO of Upstream, explained:
“Mobile advertising is a multi-billion dollar industry on the rise and a very fertile ground for fraud. The VidMate example, whereby a single app is responsible for 130 million suspicious transaction attempts over a few months, is cause for great concern. The growing sophistication of disguised malware calls for an ever more vigilant approach. In the fight against digital fraud ongoing technological innovation is key”.
The test also revealed that the VidMate app drains battery life and bandwidth, consuming more than 3GB of data per month, which could prove costly for users on non-inclusive data plans.
VidMate also collected personal user data such as International Mobile Equipment Identity (IMEI), International Mobile Subscriber Identity (IMSI) or IP address abd transferred them to Nonolive-owned servers in Singapore. Nonolive is a company funded by Alibaba.