Malware spotted on a weather app and some Alcatel smartphones
- The malware is estimated to have made over 27 million transaction attempts, which would have caused almost $1.5 million in losses.
- Most of the malicious activity originated from two Alcatel smartphone models: the Pixi 4 and the A3 Max.
Malware was spotted in a weather app named ‘Weather Forecast-World Weather Accurate Radar’, which came preinstalled on Alcatel smartphones and was also available for download on the Google Play store.
The app was developed by TCL Corporation, which owns the Alcatel, BlackBerry, and Palm brands. The Android app had been downloaded and installed more than 10 million times.
A mobile security firm named Upstream detected the malware upon finding suspicious traffic originating from Alcatel smartphones. Upstream found that the malware-infected application collected users’ data and sent it to a server in China. The information collected includes geographic locations, email addresses, IMEI codes, and more.
Upstream also found that the malware-infected app attempted to subscribe users to premium phone numbers in certain regions, which incurred huge charges. The security firm estimated that the malware made over 27 million transaction attempts, which would have caused almost $1.5 million in losses.
- In Brazil, 2.5 million transaction attempts initiated from this app were blocked in July and August 2018. Those 2.5 million transactions originated from 128,845 unique mobile phone numbers.
- In another premium digital service in Brazil, 428,291 transaction attempts were blocked.
- In Kuwait, 78,940 transaction attempts initiated from Alcatel devices were blocked.
- Transaction attempts initiated by this malware-infected weather app on Alcatel devices were also blocked in Nigeria, South Africa, Egypt, and Tunisia.
Researchers from Upstream further noted that the malicious app ran in the background on Alcatel mobile phones. The app also opened hidden browser windows that loaded web pages and clicked on ads. Researchers also noted that most of the malicious activity originated from two Alcatel smartphone models: the Pixi 4 and the A3 Max.
Google removed the app from Play Store
Upstream reported the malware to TCL Corporation and Google. Google immediately suspended the weather app from the Google Play Store.
Upstream told ZDNet that it is currently working with TCL Corporation to investigate the issue further. The company also said that it had not investigated the other apps uploaded by TCL Corporation to the Google Play Store, but that it had not found any suspicious activity originating from them either.