To say 2020 has been an unusual year would be a tremendous understatement. As the global pandemic took hold and millions went into lockdown, pressure mounted on mobile network operators to keep us connected and entertained. Thankfully, many of them stepped up to the challenge, working hard to close the digital gap in emerging markets where some people are solely dependent on expensive mobile data to access the internet.
However, this increased use and reliance on smartphones has left us more vulnerable to fraudulent scams and malicious apps, both of which have seen a staggering rise in the past year.
Our data, covering 31 operators in 20 countries, shows there was an unprecedented spike in malicious malware at the beginning of the pandemic. In the first quarter of the year, more than 29,000 malicious Android apps were identified. It was more than double the figure reported in 2019.
The worst offending apps were still available to users — if not directly via Google Play, then via third-party stores — resulting in a 55% peak in the number of fraudulent mobile transactions. Concerningly, six out of the top 10 suspicious apps identified are still — or were until very recently — available on via the official Google app store.
As darker forces acted to make a profit from the lockdown situation, we saw a sharp increase in bad actors publishing so-called leisure apps on the Google Play Store, which trick users into subscribing for premium services.
The most troublesome app from January to May 2020 was called Snaptube, a video downloader app that had, at the time, been downloaded more than 40 million times worldwide and had triggered more than 30 million suspicious transactions.
The previous year we had logged 70 million fraudulent transactions from this app, with more than half of them originating in Brazil.
This underlines an emerging trend of bad actors targeting emerging markets like Brazil and South Africa, but other areas are far from immune. This isn’t a problem exclusive to mobile network operators or service providers like Google either.
Looking ahead to 2021, cases of pre-installed malware are likely to increase and fraudsters become more sophisticated about how they achieve it. Although we are seeing bad actors trying to get their malware into the Google Play store, it’s becoming increasingly difficult for them to bypass filters. It is much easier, perhaps, to trick a phone manufacturer to pre-install the app, thereby avoiding Google Play security and guaranteeing a large user base. Most OEMs, particularly smaller ones, do not have the necessary quality control budget or knowledge to ensure pre-installed apps are 100% secure.
This was demonstrated perfectly in 2020 by the ‘Triada’ malware, which came pre-installed on thousands of low-cost handsets made by one of China’s leading manufacturers, Transsion.
To offer an idea of scale, Transsion shipped 124 million handsets globally in 2018, and it’s currently the top-selling brand of phone in South Africa, most likely due to its affordability. When Transsion rolled out its Tecno W2 smartphone, it came pre-installed with Triada, which acts as a software backdoor and malware downloader. It installs a trojan known as xHelper which persists across reboots, app removals and even complete factory resets, making it extremely difficult to deal with even for experienced professionals.
Once it has connected to a network, the malicious application starts to locate new subscription targets and submits fraudulent requests without the user’s permission, draining their balance or charging to their account.
Broader problems
The Transsion incident was indicative of broader problems emanating from China. This year has seen an increase in successful ransomware attacks along with associated arrests in Europe and CIS. Meanwhile, bad actors in China perpetrating ad fraud and mobile malware remain outside of the reach of the law.
I predict more risk-free ransomware attacks originating from China in 2021, with an increase in those ransomware attacks targeting handsets. Indeed, four of the top 10 most suspicious apps of Q3 2020 are tied to MEIZU, another Chinese manufacturer that sells low-cost android devices, primarily in emerging markets.
Handsets like those sold by Transsion have made South Africa one of the most vulnerable markets in the world when it comes to malware. Upstream’s security platform, Secure-D, detected nearly 1.7 million infected handsets in 2019 in South Africa alone. It’s led to an epidemic of “airtime theft” with apps like VivaVideo carrying malware that generates invisible ads with fake clicks, whilst also signing users up to premium services without their consent. It’s created a multi-billion dollar problem for advertisers, and is something the industry is working hard to stamp out.
While there are acute cases in emerging markets that deserve our attention, this is clearly a global problem. In the first quarter of 2020 alone, Secure-D processed a total of 326 million mobile transactions, of which 290 million were blocked as fraudulent. That’s a staggering 89% of total transactions identified as malicious, and a 55% increase from the previous year.
Network operators are going to have to work harder than ever before to protect their customers and their revenue streams, but it is doable. The pandemic has prompted a shift to digital and an uptick in the number of devices and users, as well as the length of time users spend on their handsets.
This could serve to make customers more vulnerable, but MNOs can turn this to their advantage by continuing to digitise their portfolios while constantly adding new revenue streams.
One thing they have to bear in mind, however, is that a passive reliance on so-called toxic revenue — or revenue that is gained inadvertently through malware — is not sustainable long-term.
It hurts customers, and it hurts the market more generally. So, looking forward, network operators are having to increase their focus on fraud prevention technology, not only for themselves, but for their customer’s protection and overall brand experience.