Threat actors move from Google Play - 71% of malware-infected apps now on 3rd party stores
London, Apr 21st 2021 – Mobile users already disadvantaged by an economic and digital divide have suffered the most from digital fraud throughout the COVID-19 pandemic. In emerging markets such as Brazil, Indonesia, South Africa and Thailand, 16 percent of mobile devices that processed a transaction were found to be infected with malware.
That’s according to data from mobile technology specialist, Upstream, and its full-stack anti-fraud platform, Secure-D, just released in a 2021 report entitled: “A Pandemic On Mobile - Mobile Ad Fraud and Malware”. Insights come from Secure-D processing 1 billion mobile transactions and service sign-ups for 35 mobile operators in 23 emerging markets covering nearly 840 million users.
The report reveals the scale of the impact of the COVID-19 pandemic on mobile ad fraud and malware. Secure-D, which identifies and blocks threats on behalf of mobile operators, detected 46,000 malicious apps in circulation, with a global block rate of 95 percent. This translates as roughly one in six (16 percent) mobile devices carrying at least one infected app. Globally, only one in 36 (2.6 percent) of devices are reported to be harboring high-risk apps. It is estimated that end-users in the 23 markets Secure-D covers avoided $1.3 billion in losses owing to fraudulent sign ups being blocked in 2020.
“One example of how malicious apps operate is the ‘Best QR Code Scanner’, an app removed from Google Play, that triggered 15,997 transaction attempts from a single user’s mobile in Brazil in just one month”, says Head of Secure-D at Upstream, Geoffrey Cleaves.
Emerging markets disproportionately impacted
Out of the countries covered, the highest infection rates were found by Secure-D in Indonesia, where over 99 percent of mobile transactions were flagged as fraudulent and subsequently blocked by the platform. Brazil followed with a block rate of 96 percent, with Thailand a close third at 92 percent.
Mobile users in these regions tend to rely mostly on their mobile devices for connecting with the online world. Due to the poor fixed network infrastructure and lack of WI-FI, many of these users are digital novices and are faced with relatively high data costs compared to those in developed markets. Millions of people in the developing world are also unbanked and rely on their mobile phones to pay for goods and services. This dependency is making them more vulnerable to bad actors, especially throughout the health crisis, resulting in higher infection rates.
Shift from Google Play - COVID-19 as incubator for malicious apps
Data from the Upstream malware report for the past period indicates that threat actors are increasingly turning their attention away from Google Play to other third-party app stores. 71% of malware-infected apps are available to consumers on such stores. This is a sharp rise from 49% 12 months prior, demonstrating a shift in fraud towards less secure and unregulated sources. Google Play proves to be the safest choice for downloading Android applications, however the 29% of malicious apps recorded that still went through Google (7% were removed from the store) show that even apps from legitimate sources can be compromised.
The COVID-19 crisis dramatically intensified the risk of digital fraud as most business and personal activity went online. Since the outbreak, gaming thrived and fraudsters followed the money trail. Secure-D data confirms this, with “Games” becoming the most suspicious app category in the Google Play store, surpassing “Tools and Personalization” apps that were the most favored by fraudsters in 2019. Even popular, legitimate gaming apps were targeted, such as the “Farm Fruit Pop: Party Time” app.
The top suspicious app of the period is "com.android.fmradio", a radio player app, responsible for 99.8 million fraudulent transactions. The app that had infected 356,270 devices globally was blocked by Secure-D, and has been removed from the Google Play store.
Heavily featured in the top ten most malicious apps lists are system apps, which typically come preinstalled on low-end Android handsets. These handsets are often the most popular phones in emerging markets due to their low price point. Freemium video apps such as SnapTube and VivaVideo are also main agitators in emerging markets, with the latter trying to initiate premium subscriptions while delivering invisible ads to users in order to generate fake clicks, causing a multi-million dollar problem for the mobile advertising ecosystem.
Upstream CEO, Dimitris Maniatis, says: “The disruption from the pandemic has resulted in a sudden surge of online activity for business, schooling, entertainment and socializing. This has in turn caused a spike of fraudulent activity from bad actors looking to exploit the situation. The digital divide has left users in emerging markets particularly vulnerable, not only because they depend on tools like direct carrier billing, but because their mobile devices are often their only gateway into the online world”.
Telecom operators recognize data and security as one of the top challenges in their road to digitalization, yet more than half have no data security strategy in place. To mitigate the impact of mobile fraud and protect users, especially in the world’s most vulnerable regions, Maniatis cites three key prerequisites: “Decisive self-regulation and market-wide vigilance on one side, and mobile network-level solutions that guarantee prevention through dedicated expertise and 24x7 monitoring on the other, are two essential parts of the solution. As more of our life and work goes online, security will need to become an integral part of any digital offering and not an optional add-on feature”. He continues: “Combating fraud especially in developing regions will ensure the mobile ecosystem retains its integrity and profitability and can keep providing communities with an essential and valued service”.
 Symantec, “Internet Security Threat Report Volume 24”, 2020
 Reported global video game revenue surged to $180bn in 2020 from $150 bn a year before- MarketWatch.com, “Videogames are a bigger industry than movies and North American sports combined, thanks to the pandemic”, January 2, 2021
 The app recorded 31k suspicious purchase attempts in 2020 from just two (2) in the previous year.
 Upstream, Road to Digital Report, January 2021
For more information please contact:
Sonus PR for Upstream, UK
P: +44 20 3751 0330
Upstream is the go-to technology partner for enterprises in emerging markets seeking to achieve digital growth. As a leader in mobile technology -for the past 20 years- we provide innovative solutions that speak to 1.2 billion consumers. We help our partners unlock new revenue streams boosting their customer engagement and acquisitions, driving conversions and reducing churn. Our end-to-end solutions invigorate the end customers’ experience and engagement via Upstream’s personalized digital journeys and omnichannel approach. We make migration to digital sales only a matter of weeks with no need for upfront investments. And all this with a unique added layer of digital transaction security powered by our award-winning security platform, Secure-D, driving fraud-free revenue and end-user protection. Upstream currently works with more than 60 companies in Telco, Insurance and Retail in over 45 countries in Latin America, Africa, the Middle East and South-East Asia.