Nearly 1.7 million mobile subscribers are infected with mobile malware in South Africa alone, reports 2019 data by mobile security company, Secure-D.
According to the company, malware is the main culprit responsible for airtime theft and mobile ad fraud evident in the country, with 18,000 instances found on South African users’ devices.
How malware highjacks mobile devices
Mobile malware can either be downloaded on the device by the user via an app or come pre-installed. Once activated on the device, mobile malware becomes part of a “botnet” (short for robot network) of infected devices. These botnets, networks of malware-infused devices, are being remote-controlled at scale by a “bot-herder”.
In the case of mobile ad fraud, the malicious application visits websites, clicks on banner ads and simulates a real person going through a subscription or other Direct Carrier Billing purchase processes. It even overrides a two-step authentication process all the while remaining undetected by the user. The fraudsters’ goal is to claim pay-outs from advertisers for bogus traffic.
The result is unsolicited airtime charges with users being able to detect the early signs of malware infection when they see their mobile data plan being rapidly depleted with no apparent reason.
What is especially tricky about mobile malware is that it continues to operate without raising the suspicions of the user of the device. Tricks include making sure the app functions well even when malware runs in the background or ensuring that excessive battery drain doesn’t occur. Some apps change their name after they have been downloaded or remain totally out of sight i.e. they cannot be found at the homepage of a device with an app icon.
The worst offending apps in the country from June to August 2020, according to Secure-D, are:
- Shareit – Sharing app with cross-platform transfer speed and free online feeds including movies, videos, music, wallpapers, GIFs.
- Vivavideo – An app for editing photos and videos. It has been downloaded more than 100 million times worldwide, and Secure-D has blocked more than half a million fraudulent transactions originating from the app in South Africa alone.
- StatusSaver – An app that shows users’ statuses from four different apps and environments.
What users can do
To avoid falling victim to unwanted purchases or lose pre-paid credit, Android users, in particular, should check their phones to see if they have any of the apps flagged as suspicious installed. If so, they should uninstall them immediately and review any new mobile airtime charges for possible fraud.
Follow IT News Africa on Twitter