The Context:
Researchers have found out that ai.type keyboard app has been victimizing people by unknowingly subscribing them to premium services and stealing money. Despite Google removing it, it’s still online and is conducting malicious activities. The app has been found to subscribe users to third-party services unknowingly.
No matter what technology has in for us, the open-source platform is always susceptible to malware vulnerabilities frequently. Every month, the reports on Google removing malicious apps from the Play Store creep up. Despite the fixes, some other kinds of malicious activities come in the open. A similar issue has arisen for Android users and this time, from a popular keyboard app, named ai.type keyboard.
Android Users Alert! The App steals money – if you have it, uninstall now!
The Issue:
Researchers at a mobile technology firm, discovered a severe infection with the ai.type keyboard app that can rob its users. Without notification, users are being subscribed to premium third-party services. Hence, making unauthorized transactions in the background and stealing money from people.
14 million requests for carrying out suspicious transactions were found. According to the researchers, these requests were made from 100,000 devices that were under scrutiny. The ai.type keyboard app has been installed on millions of devices, despite Google removing versions a few months back.
The Impact:
The app is still available for download on various third-party app stores on Android and multiple websites, even after posing a considerable risk. Google removed the app in June 2019. The criminals started conducting more malicious threat activities than before, showing a spike in requests for transactions. Apart from unauthorized transactions, the app has also been giving out generic user data such as clicks on websites and purchase details to advertising networks.
The App was downloaded over 40 million times, according to the researchers at a mobile technology company. Active till date on millions of devices to date even after Google blocking it from Play Store. Ai.type delivers invisible ads and generates phony clicks, including access to text messages, photos, videos, contacts, and on-device storage.
Execution:
An APK file showed libraries with obfuscated code that tracked back to advertising trackers. Secure-D found that the app was designed to stealthily connect the user to advertising services, then execute dynamically provided code that is used to create fake ‘clicks’ on the mobile advertisements served to the user’s device.
The original link for the advertising trackers is hidden, while messages containing information needed by ai.type is used to perform the malicious transactions. The unseen background adware activity impacts on the battery life and the device’s overall performance as well as depleting mobile data.
If these transactions had not been detected and blocked, the app could have potentially costed victims an amount of $18 million in unwanted charges.
This suspicious, malicious vulnerability was recorded from as many as 13 countries, the rates being higher in Egypt and Brazil.
The Growth:
The app is still available on Apple’s App Store, but no longer present on Amazon Appstore as well as Google Play Store. With compromised mobile apps and mobile ad fraud, it’s challenging to identify the vulnerabilities of the fast-growing problems. It’s now time to not fall victim to data theft and unwanted infections or subscriptions.
If you have ai.type keyboard installed, you shall delete it from your phone immediately and look for signs suggesting unusual activities.
To avoid and safeguard yourself from threats, the same rules apply- stick to Play Store for downloading apps (after reading and analyzing reviews, stars, developer details, and the list of requested permissions) and avoid sideloading from other sources.
Interested in knowing more about cybersecurity? Or Cyber Attack? Head towards the blog section for more detailed analysis. Bring me back to the latest update on WhatsApp – WhatsApp Payment Services: Raised Questions due to Hacking Incident. A messaging app- WhatsApp, which has about 400 million users in India, has been testing its payments services in the country since last year, with about a million users — competing against Paytm, PhonePe, and Google Pay, when it is rolled out nationally in India. To know more, visit here!!