According to digital forensics specialists, malicious code injected into a mobile app for customizing the keyboard of Android devices has generated millions of dollars in unauthorized charges for its users.
Researchers from mobile security firm Upstream Systems report that a group of hackers has used the keyboard replacement app ai.type to make up to $18 million USD in fraudulent charges against users. Before being removed from the Google Play Store, the app had almost 40 million downloads, and it is also available on external sites.
The app, which at first glance looks like a simple customizable emoji keyboard, contains hidden malicious code that conceals a set of charges for ‘Premium services’, so users don’t detect these charges until they appear on their bank statements.
The app also allows fraudulent clicks to be generated and is even able to disguise its traffic by posing as other Android apps, the digital forensics experts say. “Ai.type does most of its activities by falsifying traffic from popular apps, such as SoundCloud”, they mention. The team of experts tried to contact the developers but has not yet received a response.
According to the report, most of the fraudulent charges made by ai.type were registered during the month of July, shortly after Google removed the app from its official store. At that time, the app was still installed on millions of devices; in addition, as already mentioned, it is still possible to find it on unofficial sites.
“The components responsible for making these fraudulent charges are not on the keyboard, but are hidden in the software development frameworks, that is, they are inside the app,” the experts say. When activated, these components start clicking on ads to sign victims up for Premium services on various platforms and to generate fake traffic for commission revenue.
International Institute of Cyber Security (IICS) digital forensics specialists recommend that users uninstall this app as soon as possible and avoid installing apps from unknown sources in the future.