A malware was spotted on a weather app named ‘Weather Forecast-World Weather Accurate Radar’ which came preinstalled on Alcatel smartphones and was available for download on Google Play store as well.
The app was developed by TCL corporation which owns Alcatel, Blackberry, and Palm brands. The app which can be downloaded on Android devices had been downloaded and installed more than 10 million times.
Malicious activities
A mobile security firm named Upstream detected the malware upon finding suspicious traffic originating from Alcatel smartphones. Upstream found that the malware-infected application collected users’ data and sent it to a server in China. The information collected includes geographic locations, email addresses, IMEI codes, and more.
Upstream also found that the malware-infected app attempted to subscribe users to premium phone numbers in certain regions, which incurred huge charges. The security firm noted that the malware would have made over 27 million transaction attempts and would have caused almost $1.5 million in losses.
Researchers from Upstream further noted that the malicious app ran in background on Alcatel mobile phones. The app also started hidden browser windows that loaded web pages and clicked on ads. Researchers also noted that most of the malicious activities originated primarily from two Alcatel smartphone models - Pixi 4 and A3 Max.
Google removed the app from Play Store
Upstream reported the malware to TCL Corporation and Google. Google immediately suspended the weather app from Google Play Store. Upstream is further working with TCL Corporation on investigating the issue.
Upstream told ZDNet that it's currently working with TCL Corporation on investigating the issue further. The company also said that they didn't investigate the other apps uploaded by TCL Corporation on the Google Play Store, however, they didn't find any suspicious activity originating from them either.
Publisher