Who knows that the app you downloaded to help you out in texting could be slowly and silently betraying you in the background. We are talking about the popular keyboard app called ai.type which is maliciously charging millions of android users for premium services without their knowledge and permission.
What!?
Yes. Researchers have recently noticed some suspicious activity and upon investigation, found the following:
- Around 14 million malicious transaction requests were identified and blocked
- They originated from 110,000 different devices
- All of them connected to the source- ai.type app
- The majority of active targets belong to Egypt and Brazil
- Around 18 million dollars in sneaky charges would have been collected from victims
What is AI.Type
Hailing from Israel, it is a popular Google Play Store that offers users a customisable keyboard and aids in quick and better writing using stored writing patterns.
While the app was successfully removed from Google Play Store around June this year, it boasts more than 40 million users with over 10 million downloads.
How does it do it?
Upon detailed investigation of two infected devices, it surfaced that,
- SDK (software development kit) frameworks that were used by the app were com.holly.marge, com.mb.num, com.bear.data and defpackage
- The frameworks sneakily connected targets to ad services
- Fake clicks were cooked up on the ads shown on the target devices
- It used hidden and encrypted information to aid the malicious activity
- The frameworks possessed code that injected JavaScript code to automate ad clicks
com.mb.num
This SDK had code code for a targeted mobile gaming platform. It was using automated clicks to subscribe a victim to the premium service without permission.
com.holly.marge
This SDK not only connected the device to ads but also created fake clicks to drive revenue for the attacker.
Moreover, ai.type had access to the messages, photos, contact, videos, and even storage of the user. It is important that users actively know what permissions apps (especially keyboard apps) are asking, to make sure that they don't get access to sensitive data that users type, like credit card passwords and other account details. Last month, an iOS bug allowed third party keyboard apps to fully access the details of what was being typed.
How to stay safe
There are a number of things users can do to ensure safety from such malicious money extracting operations:
- Check the credibility of an app before downloading it. You can go to forums or just do a quick Google search about the app and the developer to find out a little bit about it. People download apps impulsively thinking that everything on Play Store is trusted and safe.
- Check what permissions are granted to keyboard apps and make sure no one is enjoying access to something they don't really need like reading/writing storage and recording audio etc.
- Monitor your background activity to spot if any app is displaying unwanted advertisements sneakily.
- We known nobody checks text messages anymore, but keep an eye out for messages signifying suspicious transactions. And report as soon as you see something sketchy.
- This is perhaps the second most important safety measure- stay aware of what's happening around you. Security companies keep researching and busting hacking operations. All you can do is read them to stay on top of your own safety.
Share this with someone who might benefit from this news. Tell us what you think in the comments section.
Stay tuned, stay safe.
