Mobile technology company Upstream discovered that the popular app 4shared caused suspicious background activity on Android devices by displaying invisible ads, generating fake clicks, and buying premium digital services while transmitting real views, clicks, and purchases to ad networks. The company's security platform, Secure-D, has successfully detected and blocked more than 114 million suspicious mobile transactions launched by the app from 2 million unique mobile devices in 17 countries. Had Upstream not blocked these transactions, it would have signed users up for premium digital services, potentially costing them up to €150 million in unwanted charges. The suspicious activity, which is still ongoing, is mainly concentrated in Brazil, while Indonesia and Malaysia were the other most affected markets. Guy Krief, CEO of Upstream, provided additional information on the company's discovery, stating: "The increasing sophistication of malware masquerading as seemingly benign and often very popular applications, as well as the scale of the problem. No entity in the mobile ecosystem is unscathed. From app developers to ad networks, advertisers, advertisers and malware, their credibility and revenues are eroding. Most mobile operators take the blame, while consumers not only do they remain largely unprotected and unsophisticated, but they are also expected to foot the bill Mobile ad fraud, a €40 billion industry, will be healthy unless mobile security becomes a priority for the industry ".
4shared
4shared is a highly rated and popular Android app that allows users to store and share video and audio files. The app has generated more than 100 million downloads on the Play Store and is ranked second in its category in Austria, seventh in Italy and tenth in Switzerland. In April this year, the app was abruptly removed from the Play Store and replaced the next day. Instead of updating the app, its developers introduced a new app that retained the original 4shared icon. The new app has already been downloaded more than 5 million times and does not contain code responsible for suspicious activity. However, more than 100 million users who have installed the previous version of 4shared are still concerned. The Secure-D survey found that the old 4shared app contained software development kits (SDKs) with embedded, hard-coded links to control and control servers that access online advertisements through a series of redirects. The application then downloads a JavaScript file that triggers automatic clicking and sets cookies to determine if a "click" has already been created for a specific ad in the past. The app also sends personal data to various servers located in the British Virgin Islands and the United States after receiving user consent. Secure-D also discovered that 4shared was trying to hide its identity while carrying out suspicious activity by taking the name of legitimate applications. If 4shared is installed on your device, it is recommended to uninstall it immediately and those who want to know more about the incident can view the full investigation report.