Android keeps attracting malicious applications. After xHelper, malware with the ability to revive itself, the very popular keyboard application ai.type, with more than 40 million downloads, has now been discovered making millions of unauthorized payments, specifically purchases of paid content.
According to security firm Upstream, besides working as a keyboard application, ai.type also runs in the background to display ads and generate fake clicks that benefit those behind it. In addition, it sends data such as real views, actual clicks and payments to the ad networks. ai.type is currently affecting users in 13 countries, with Egypt and Brazil hit particularly severely.
Upstream Secure-D, a mobile security solution, has blocked 14 million suspicious transactions related to ai.type. The transaction requests were sent from 110,000 devices with ai.type installed and, had they not been blocked, the value of these transactions would have been up to $18 million.
ai.type was developed by an Israeli company named ai.type LTD, and when I checked on the Play Store, I realized that the developer's apps were still there. When checking the website, Google now shows "this site has been hacked".
The image posted by Upstream shows transaction confirmation messages received on an infected device without the user's knowledge. These messages show that the victim may have been subscribed, without justification, to a service that charges daily. Upstream explained that virtual keyboard applications often require advanced permissions on the device; ai.type, for example, needs permission to send messages and to access images, videos, contacts and device memory. Granting such extensive privileges to ai.type is dangerous because it can read user data such as contacts, write data to the device memory, access accounts logged in on the device or even record everything around the device.
Upstream recommends that users uninstall ai.type applications immediately and check records such as electronic invoices and transaction messages. Dimitris Maniatis, Head of Secure-D at Upstream, explained: "ai.type contains an SDK with programming code closely linked to ad networks and self-registration for paid services without the user's knowledge. It runs in the background and performs a series of clicks to register for the service as well as create fake clicks; because this activity does not appear immediately, the average user will not be able to recognize that it is being done. The SDK also automatically downloads code snippets from other sources to make it more difficult to hide and make security analysis tools harder for users to find."
According to Upstream CEO Guy Krief, fraudulent mobile advertising is a market worth up to $40 billion a year. It is estimated that 1 in 10 phones will be infected with malware like ai.type, and such applications are difficult to detect because they have "cover like legitimate applications and often applications." "Malware applications are destroying the reputation of the mobile advertising industry and causing carriers and their customers to pay for unknown reasons."