The number of malicious mobile applications available for download has doubled in the first quarter of 2020 and, worryingly, a large number of them are getting past security checks on Google Play.
This is according to new data from cybersecurity firm Upstream and its Secure-D research wing, which says it identified more than 29,000 malicious apps in Q1, versus circa 14,500 during the same quarter last year.
UK-based Upstream, which says its security platform is used by 30 mobile network operators in emerging markets, said that, worryingly, nine out of ten of the top malicious applications affecting users were available at one point on the Google Play store. (It was not clear for how long.)
Google’s Play Protect is the world’s most widely deployed threat detection service: Google says it is actively scanning over 50 billion apps on devices every day, but that finding these bad apps is non-trivial, as malicious developers go the extra mile to make their apps look as legitimate as possible.
(Play Protect scans all applications including public apps from Google Play, system apps updated by OEMs and carriers, and sideloaded apps.)
Yet despite these efforts, malicious apps remain a growing market.
Upstream notes in its report: “Fraudsters tend to target Android handsets specifically because the operating system is easier to work with, with a host of unofficial places to visit and download apps.” (The comment suggests many apps are sideloaded, particularly in emerging markets.)
In compiling the report, Upstream’s anti-fraud platform analysed 31 mobile operators in 20 countries over the first quarter of 2020.
Watch out for Snaptube
The worst-offending application to cross Upstream’s path is a video download app called Snaptube, which so far has more than 40 million downloads.
The application first came on the scene in 2019. It allows users to download videos and audio files from streaming sites; however, it also delivers invisible adverts and self-generates clicks on content, in some cases allegedly purchasing premium content. Over 70 million fraudulent transactions have been made through the Snaptube application, with the majority of the transactions originating in Brazil, Upstream found.
Geoffrey Cleaves, Head of Secure-D, commented in the report: “Being in lockdown means prepaid customers will find it difficult to get out the front door to top up their data bundles. In the meantime, malware could be eating into those data bundles. I suspect we may see a drop in mobile internet traffic, and successful billing attempts, in predominantly prepaid developing markets while lockdowns are in force.”
Upstream also clocked a significant spike in the number of global transactions that have been blocked as fraudulent, with 55 percent more being blocked year on year.
The report states that: “Indonesia, Brazil and Thailand have seen dramatic spikes in fraudulent activity.
“Secure-D processed more than 161 million transactions in Indonesia, of which more than 157 million were blocked as fraudulent – a block rate of 97.6 percent. Brazil saw a 29 percent increase in the number of infected devices, from 6.9 million in Q1 2019 to more than 8.9 million in Q1 2020.”