Mobile malware hurts mobile users in emerging markets

London, England: Mobile users already disadvantaged by an economic and digital divide have suffered the most from mobile malware or digital fraud throughout the COVID-19 pandemic.

16 per cent of mobile devices in emerging markets such as Brazil, Indonesia, South Africa and Thailand were found to have processed a malware-infected transaction. That’s according to data from the latest malware report from mobile technology specialist Upstream and its full-stack anti-fraud platform Secure-D.

  • 1 in 6 Android phones in developing markets now infected with mobile malware
  • Emerging markets including Brazil, Indonesia, Thailand and Nigeria are being disproportionately impacted compared to the rest of the world
  • Criminals are moving away from Google Play to third-party stores to avoid detection and penalties
  • Huge spike in criminals targeting gaming apps during the pandemic

The new report, titled “A Pandemic On Mobile – Mobile Ad Fraud and Malware,” shares insights that come from Secure-D processing 1 billion mobile transactions and service sign-ups for 35 mobile operators in 23 emerging markets covering nearly 840 million users.

The report reveals the scale of the impact of the COVID-19 pandemic on mobile ad fraud and malware. Secure-D, which identifies and blocks threats on behalf of mobile operators, detected 46,000 malicious apps in circulation, with a global block rate of 95 per cent. This translates as roughly one in six (16 per cent) mobile devices carrying at least one infected app.

Globally, only one in 36 (2.6 per cent) devices were reported to be harbouring high-risk apps. End-users in the 23 markets avoided an estimated $1.3 billion in losses owing to fraudulent sign-ups being blocked in 2020.

“One example of how malicious apps operate is the ‘Best QR Code Scanner’, an app removed from Google Play, that triggered 15,997 transaction attempts from a single user’s mobile in Brazil in just one month,” said Geoffrey Cleaves, Head of Secure-D, Upstream Systems.

Emerging markets disproportionately impacted
Among the countries covered, Indonesia has the highest infection rates with over 99 per cent of mobile transactions flagged as fraudulent and subsequently blocked by the platform Secure-D. Brazil followed with a block rate of 96 per cent, with Thailand a close third at 92 per cent.

Mobile users in these regions tend to rely mostly on their mobile devices for connecting with the online world. Due to the poor fixed network infrastructure and lack of Wi-Fi, many of them are digital novices. They face relatively high data costs compared to those in developed markets.

Millions of people in the developing world are also unbanked and rely on their mobile phones to pay for goods and services. This dependency is making them more vulnerable to bad actors, especially throughout the health crisis, resulting in higher infection rates.

Shift from Google Play – COVID-19 as malicious apps incubator
Data from the Upstream mobile malware report for the past period indicates that threat actors are increasingly turning their attention away from Google Play to other third-party app stores.

71% of malware-infected apps are available to consumers on such stores. This is a sharp rise from 49% 12 months prior, demonstrating a shift in fraud towards less secure and unregulated sources.

Google Play proves to be the safest choice for downloading Android applications. However, the 29% of malicious apps recorded that still went through Google (7% were removed from the store) show that even apps from legitimate sources can be compromised.

The COVID-19 crisis dramatically intensified the risk of digital fraud as most business and personal activity went online. Since the outbreak, gaming thrived and fraudsters followed the money trail.

Secure-D data confirms this, with “Games” becoming the most suspicious app category in the Google Play store, surpassing “Tools and Personalization” apps that were the most favoured by fraudsters in 2019. Even popular, legitimate gaming apps such as the “Farm Fruit Pop: Party Time” app were targeted.

The top suspicious app of the period is “com.android.fmradio”, a radio player app, responsible for 99.8 million fraudulent transactions. The app, which had infected 356,270 devices globally, was blocked by Secure-D and has been removed from the Google Play store.

Heavily featured in the top ten most malicious apps lists are system apps, which typically come preinstalled on low-end Android handsets. These handsets are often the most popular phones in emerging markets due to their low price point.

Freemium video apps such as SnapTube and VivaVideo are also main agitators in emerging markets, with the latter trying to initiate premium subscriptions while delivering invisible ads to users in order to generate fake clicks, causing a multi-million dollar problem for the mobile advertising ecosystem.

“The disruption from the pandemic has resulted in a sudden surge of online activity for business, schooling, entertainment and socializing. This has, in turn, caused a spike of fraudulent activity from bad actors looking to exploit the situation,” said Upstream CEO Dimitris Maniatis.

“The digital divide has left users in emerging markets particularly vulnerable, not only because they depend on tools like direct carrier billing, but because their mobile devices are often their only gateway into the online world,” added Maniatis.

Telecom operators recognise data and security as one of the top challenges on their road to digitalization, yet more than half have no data security strategy in place.

To mitigate the impact of mobile fraud and protect users, especially in the world’s most vulnerable regions, Maniatis cited three key prerequisites.

“Decisive self-regulation and market-wide vigilance on one side, and mobile network-level solutions that guarantee prevention through dedicated expertise and 24×7 monitoring on the other, are two essential parts of the solution. As more of our life and work goes online, security will need to become an integral part of any digital offering and not an optional add-on feature.”

“Combating fraud especially in developing regions will ensure the mobile ecosystem retains its integrity and profitability and can keep providing communities with an essential and valued service,” he concluded.
