A popular third-party keyboard app for Android smartphones makes unauthorized purchases.
The malicious Android keyboard app is called ai.type and, according to researchers at mobile technology firm Upstream, the app has been downloaded over 40 million times. It has recently been discovered that ai.type has been making millions of purchases of premium digital content; purchases that were not authorized by users.
The software masks its activity to spoof apps.
The malicious Android keyboard app, which was deleted from the Google Play Store in June, is a customizable on-screen keyboard app. Described as a “free emoji keyboard” by its developer, Israeli firm ai.type LTD, what users see when they interact with the app and what the app is doing in the background are not the same.
The app reportedly spoofs apps like Soundcloud. It also delivers millions of invisible adds and phony clicks. Unbeknownst to the user, it passes on their data regarding real clicks, views and purchases to ad networks.
Essentially, it runs in the background without the user knowing and transforms their smartphone into one of multiple bots of the network, which is control by fraudsters for the purpose of committing ad fraud, according to Upstream CEO Guy Krief, reports Forbes.
The Malicious Android keyboard app could have cost users up to $18 million in unwanted charges.
Upstream operates a mobile security platform called Secure D. On this platform the company works with mobile operators to safeguard subscribers against fraudulent activity on mobile devices.
To date, Upstream has detected and blocked over 14 million suspicious transaction requests from 110,000 devices that downloaded the ai.type keyboard. Upstream says that if these transactions had been processed, they would have potentially cost users as much as a whopping $18 million in unwanted charges.
That said, Krief added that malware can be responsible for creating fraudulent mobile advertising revenue in the millions of dollars range and that this can have a significant impact on consumers’ wallets and mobile service experience. The reason is that it can affect the performance of their device, incur unwanted charges and eat up their data.
Although the malicious Android keyboard app was removed from the Play Store in June, it can still be downloaded from third-party sites and currently exists on the phones of millions of Android devices.