Upstream reveals that some Alcatel mobile devices were sold with pre-installed malware in the form of a weather forecasting application.
This application was also available through Google Play, with over 10 million downloads worldwide. Upstream's findings have been published in the prestigious Wall Street Journal, as well as by other international media such as the BBC and the Times of London.
Upstream's digital security platform, Secure-D, detected the suspicious activity in the Android app “Weather Forecast – World Weather Accurate Radar” in markets in Brazil and Malaysia. The application was found pre-installed on specific Alcatel mobile models, such as the Pixi 4 and Max A3, which are manufactured by the Chinese company TCL, known as a manufacturer of Alcatel and BlackBerry mobile devices.
Until recently, the application was also available for free through Google Play, where over 10 million users worldwide had already downloaded it.
Secure-D discovered that the application was generating online advertising fraud by loading web pages with ads and “clicking” on them, and was also collecting users' personal data and sharing it with servers in China. The application's malicious activity exhausted users' mobile data, through overconsumption of up to 250MB per day, and consumed their airtime balance (airtime credit), after attempting to register them, for a fee, for digital services without their consent.
Guy Krief, CEO of Upstream, said:
“The rapid penetration of smartphones and the growth of mobile advertising create the ideal environment for online advertising fraud, mainly from malware. In 2018 alone, an online advertising scam of around $19 billion was recorded, which may also result in financial theft by affecting not only advertisers but directly the final consumer's wallet.”
It is noteworthy that Upstream's Secure-D group, which is based in Athens, has blocked more than 3 million fraudulent transaction attempts by the malicious application in 7 markets. Had they not been blocked, they would have caused $1.5 million in fraud through the use of users' available talk time and data in Brazil, Malaysia, Nigeria, South Africa, Egypt, Kuwait and Tunisia.