Malware infects 1.69M Android Handsets in South Africa, Report

Secure-D from mobile tech company Upstream detected 1.69 million malware-infected Android devices in South Africa last year. Within many popular apps, Malware is lurking unseen and committing background fraud that targets advertisers, operators and consumers. The blocked transactions came from more than 18,000 different applications.

While the rogue apps behave normally on a smartphone’s screen, they surreptitiously click on links and adverts, sign users up to subscription services and consume vast amounts of data from prepaid contracts. Not only do advertisers pay app developers for the false clicks, the fraudulent apps are also used to steal personal data about the smartphone user without any visible sign of the fraudulent activity.

Specialist mobile security company Upstream works with a number of operators in South Africa to protect consumers and businesses from this type of fraud. The company’s Secure-D platform monitors app activity and blocks suspicious transactions. In an end of year report, Upstream revealed that it checked more than 50 million Android transactions in South Africa in 2019, identifying and blocking 86 percent of them as fraudulent.

Fraudsters recognize that smartphone users regularly watch and share videos, and they often hide malicious activity in video apps. In 2019, South Africa’s worst three offending Apps were all video apps:

1 – VidMate: 15 million blocked transactions

Downloaded worldwide more than 500 million times – Vidmate lets people download videos and songs from popular social media sites and entertainment services, allowing users to watch content offline. In the background, however, a hidden component generates fake clicks and purchases and downloads other suspicious apps without the user’s knowledge. Vidmate was by far the most dangerous app in South Africa in 2019, and is now only available on independent Apps stores, having been removed from Google Play.

2 – Snaptube: 2 million blocked transactions

The Snaptube video app infected 4.4 million handsets and generated more than 70 million fraudulent transactions, with 2 million of those transactions originating in South Africa. Upstream exposed Snaptube in October 2019, but it is also still available on third-party Android app stores.

3 – Vivavideo: 560,000 blocked transactions
A very popular video editing software app for smartphones, Vivavideo has been downloaded more than 100 million times worldwide. But just like Vidmate, its background behaviour leaves a lot to be desired and Secure D was working hard to block more than half a million fraudulent transactions in South Africa alone.

Global results

According to a report on the state of malware and mobile ad fraud released by mobile technology company Upstream, 93 percent of total mobile transactions in 20 countries were blocked as fraudulent in 2019. Data from the Invisible Digital Threat is based on deployments of Upstream’s Secure-D full-stack anti-fraud platform, which detects and blocks fraudulent mobile transactions that primarily originated from ad fraud malware. At the end of 2019, Secure-D was used by 31 mobile operators in 20 countries.

In those markets, Upstream’s security platform processed 1.71 billion mobile transactions and blocked 1.6 billion of them as fraudulent, a staggering 93 percent of total transactions. It’s estimated that these transactions would have cost users $2.1bn in unwanted charges had they not been identified. For the industry as a whole, losses from online, mobile and in-app advertising reached $42 billion in 2019 and are expected to reach $100 billion by 2023.

Why Android mobile phones are targeted

Fraudsters target Android handsets because the open operating system is easier to work with, and there are a host of unofficial places to visit and download apps. Additionally, in countries like South Africa, a large proportion of consumers use prepaid mobile phones as their main method to access the Internet. These users also often use their airtime credit to buy digital services, enabling fraudsters to subscribe users to premium services without their knowledge.

Follow us on Telegram, Twitter, Facebook or subscribe to our weekly newsletter to ensure you don’t miss out on any future updates.