Connect with us


Malware stealing your data



Nearly 1.7-million mobile subscribers are infected with mobile malware in South Africa alone, according to 2019 data compiled from mobile technology company Upstream’s Secure-D platform. According to the company, malware is the main culprit responsible for airtime theft and mobile ad fraud evident in the country, with 18,000 instances found on South African users’ devices.

Mobile malware can either be downloaded on the device by the user via an app or come pre-installed. Once activated on the device, mobile malware becomes part of a “botnet” (short for robot network) of infected devices. These botnets, networks of malware-infused devices, are being remote-controlled at scale by a “bot-herder”.

In the case of mobile ad fraud, the malicious application visits websites, clicks on banner ads and simulates a real person going through a subscription or other Direct Carrier Billing purchase processes. It even overrides a two-step authentication process, all the while remaining undetected by the user. The fraudsters’ goal is to claim pay-outs from advertisers for bogus traffic.

The result is unsolicited airtime charges, with users being able to detect the early signs of a malware infection when they see their mobile data plan being rapidly depleted for no apparent reason.

What is especially tricky about mobile malware is that it continues to operate without raising the suspicions of the user of the device. Tricks include making sure the app functions well even when malware runs in the background or ensuring that excessive battery drain doesn’t occur. Some apps change their name after they have been downloaded or remain totally out of sight, i.e. they cannot be found at the homepage of a device with an app icon.

The issue in South Africa

In 2019 Secure-D detected a total of 1.69-million malware-infected devices in South Africa, spanning 18,000 different applications. Secure-D maintains a public global malware list at  where the top malware threats in each market is being reported.

Out of the thousands of different malware apps active in the country the top 25 most active in the period of June to August 2020 that are available through Google’s Play Store are listed in the image below*:

The three worst offending apps in the country for the June to August 2020 period are:

  • Shareit – Sharing app with cross-platform transfer speed and free online feeds including movies, videos, music, wallpapers, GIFs.
  • Vivavideo – An app for editing photos and videos. It has been downloaded more than 100 million times worldwide, and Secure-D has blocked more than half a million fraudulent transactions originating from the app in South Africa alone.
  • StatusSaver – An app that shows users’ statuses from four different apps and environments.

Secure-D has been deployed in South Africa since late 2018 with the largest mobile network operators in the country covering 70 million mobile subscribers. According to Secure-D data for 2019 86% of the mobile transactions processed were fraudulent. During the full year 2019-end of August 2020 period Secure-D has processed more than 73 million mobile transactions, identifying and blocking a staggering 24K malicious apps that had infected over 2 million mobile devices.

Read about what users can do about malware infections on the next page.

Pages: 1 2