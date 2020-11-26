A general report released by Upstream earlier this year revealed that in 2019 a staggering 93% of tracked mobile transactions had been blocked by Secure-D as fraudulent. More than 98,000 malicious Android apps were discovered, as well as 43 million infected devices in 20 different countries.

VivaVideo

VivaVideo is a “freemium” application that can be downloaded from Google Play, the official application store for Android. It offers basic video production features, including effects overlay and editing tools, fueling the popularity of new video sharing media like TikTok and Instagram Stories.

The VivaVideo application currently has more than 100 million registered installs, and a rating of 4.2 out of 5 in the Google Play user rating, where it is still available for download. The app developer is QuVideo Inc., registered in Hangzhou City, China. In May of this year, the VPN Pro company warned that it had found a spyware in VivaVideo, a banking Trojan called AndroidOS / AndroRat capable of stealing banking data from a user’s mobile, from services such as Paypal, cryptocurrencies or a bank account.

The app can still be downloaded from Google Play, but it has made the news again this month for another security reason: The cybersecurity and anti-fraud platform Secure-D, which operates in 20 countries through 31 operators, has revealed in its most recent report that VivaVideo has been trying to “initiate premium subscription attempts while launching invisible ads to mobile users who had the app installed to generate fake clicks.”

1 million affected

The report reflects that “more than a million devices have been infected in 19 countries, including Indonesia, Egypt, Thailand, Russia and the United Kingdom.” Brazil was the most affected locality, where there were more than 11.5 million attempts at fraudulent transactions that originated in the application. According to Secure-D, if it had not blocked fraudulent transactions in the country, “Brazilian users could have had to pay, inadvertently and unknowingly, 10.3 million dollars for services and subscriptions that they had not purchased.”

VivaVideo had previously ranked high on suspicious app lists, as the app has frequently topped Secure-D’s own Mobile Malware Index, prompting further investigation. However, the latest results, shared in this latest report, “shed new light on the scale and veracity of the problem.”

VivaVideo, thoroughly examined in the Secure-D lab on a real user’s device, was caught “making repeated attempts at fraudulent transactions, all of which were blocked by Secure-D. Some of the click and purchase attempts through fake and invisible ads actually occurred while the device was unattended. ” If these click-and-buy attempts had been successful, the advertiser would have paid a commission to the affiliate, who in turn would have paid the person responsible for the fraud.

A smart app

What also stands out is that the application was found to contain code snippets that check surveillance software installed on the user’s device. Upon inspection, VivaVideo stopped running all suspicious background activity when the monitoring app was installed, showing that scammers are continually improving the skills and tools they use. These code snippets are a common method bad actors use to stay undetected when it comes to mobile ad scams.

Geoffrey Cleaves, Head of Secure-D at Upstream, commented: “As video sharing becomes increasingly popular on apps like TikTok and Instagram, more users are looking for ways to edit their content. However, bad actors do too. they are increasing their activity and technology, and they are causing havoc in applications like VivaVideo. ”

Older versions of the app, from V7.4 downwards, are known to contain the Batmobi SDK, a recognized bad actor that Google has since banned from its store. However, despite this, the SDK continues to be shared by users with older versions of Android on their phones, often through third-party apps like ShareIt.



