Upstream’s Secure-D detects malware spike in Q1 2020 with 29,000 malicious Android apps at play, double 2019 figures
June 2020 by Secure-D at Upstream
The total number of mobile applications identified as malicious in the first quarter of 2020 has doubled compared to the first quarter of 2019. This is according to new data released by Secure-D, Upstream’s full-stack anti-fraud platform, covering 31 mobile operators in 20 countries at the beginning of 2020. In Q1, the security platform detected more than 29,000 malicious apps versus just over 14,500 during the same quarter of last year. The first quarter also saw a dramatic 55% spike in the number of fraudulent mobile transactions and an increase in the number of malware-infected mobile devices.
Alarmingly, the data shows that nine of the top 10 malicious apps for the quarter are - or were at some point - available on Google Play, meaning they passed the security checks in place. For the full year 2019, the proportion of the top 100 malicious apps available on Google Play stood at 30%, according to Secure-D’s proprietary data for the year.
In Q1 2020, six out of 10 of the top malicious apps fall under the general description of “leisure” apps, offering a way for people to pass their time, including “video players & editors”, “news & magazines”, “games” and “social”. With lockdowns in effect in most parts of the world for a good part of the quarter, this indicates that fraudsters have been targeting applications that people download as they look to pass the time and entertain themselves, unable to socialize and venture outdoors.
Geoffrey Cleaves, Head of Secure-D at Upstream, commented: “With the majority of the world having shifted indoors, there were some darker forces acting to make a profit from the lockdown situation. At Secure-D, we’ve seen a sharp increase in bad actors publishing ‘leisure’ apps on the Google Play Store, which trick users into subscribing for premium services.”
Fraudsters tend to target Android handsets specifically because the operating system is easier to work with and apps can be downloaded from a host of unofficial sources. In markets like Brazil, a large proportion of consumers use prepaid credit to purchase digital services, enabling bad actors to subscribe users to services without their knowledge.
The most troublesome app to date in 2020 is Snaptube, a video downloader app that has been downloaded more than 40 million times worldwide. In 2019, Upstream’s Secure-D platform logged 70 million fraudulent transactions through the same app - more than half of them in Brazil. Upstream reported the app in October 2019; however, it is still available through many third-party app stores. The Secure-D platform has blocked more than 32 million fraudulent transactions relating to Snaptube so far in 2020.
Furthermore, in the first quarter of 2020, Upstream’s security platform processed more than 326 million mobile transactions and blocked almost 290 million, having identified 89% of total transactions as fraudulent. The data highlights a dramatic spike in the number of global transactions blocked as fraudulent, up 55% from the previous year, when 186 million were blocked out of the 208 million transactions processed.
The number of infected devices found by Secure-D increased by 7% compared to last year’s first quarter. In Q1 2020, 11.2 million malware-infected devices were detected, compared to 10.5 million the previous year.
According to the new data available, Indonesia, Brazil and Thailand have seen dramatic spikes in fraudulent activity. Secure-D processed more than 161 million transactions in Indonesia, of which more than 157 million were blocked as fraudulent - a block rate of 97.6%. Brazil saw a 29% increase in the number of infected devices, from 6.9 million in Q1 2019 to more than 8.9 million in Q1 2020. In Thailand, the platform blocked more than 1,500 malicious apps.
It is unknown at this stage how the COVID-19 pandemic will shape 2020 figures, but the impact is likely to be significant. Geoffrey Cleaves explains: “Being in lockdown means prepaid customers will find it difficult to get out the front door to top up their data bundles. In the meantime, malware could be eating into those data bundles. I suspect we may see a drop in mobile internet traffic, and successful billing attempts, in predominantly prepaid developing markets while lockdowns are in force.”
Readers can download the full 2019 report for an in-depth look at the state and workings of mobile ad fraud, including insights on five emerging markets: Brazil, Egypt, Indonesia, South Africa and Ethiopia. To draw comparisons, the report also uses snapshots of the state of malware in the United Kingdom and the USA.