Read time: 3 minutes

Exposed: Bot family infecting mobile users on two continents

By , ITWeb
Africa , 23 Dec 2019

Exposed: Bot family infecting mobile users on two continents

French anti-fraud solutions provider Evina has unmasked malware on the GooglePlay app store that has been downloaded over 285 000 times by mobile users in 11 African and European countries.

The malware dubbed 'Venus' has been detected in eight apps so far and takes the form of a family of Trojan bots that have now made their way into Belgium, France, Germany, Guinea, Holland, Morocco, Poland, Portugal, Senegal, Spain and Tunisia.

Of the eight Venus malware apps that were discovered by Evina, only one has been removed from the PlayStore after being downloaded over 100 000 times.

The company advises mobile users to avoid flashlight, scanner and wallpaper applications.

The purpose of the Venus malware that has been attacking users since October is to stimulate interaction with adverts and subscribe to premium services without the mobile user noticing. "The user's browser is invisible during the interaction which makes this latest global mobile fraud particularly effective," says Maxime Ingrao, Evina Security Analyst.

According to the company, it helped penetrate the veil of secrecy around Venus by building a honeypot around a network of 3G SIM card proxies. It was soon noticed that data allowances were being rapidly consumed by certain apps.

"Codes of the apps were analysed by Evina engineers who soon encountered protected as well as missing files which together create a suspicious combination. Embedded URLs and javascript commands redirect to premium services and to sites containing ads from where the fraudsters are remunerated," reads an excerpt from the company's statement.

Fortunately, even protections against reverse engineering were not enough to protect the fraudulent code from eventual discovery by Evina's mobile sleuths.

"This bot family are super smart as they never attack on the first day of installation and wait for the right time to launch more than one invisible browser,' Ingrao adds.

Anecdotal evidence suggests that fraudulent payments on mobile phones is on the rise. "By ensuring secure mobile payment, we are ensuring the long-term sustainability of mobile monetisation" says David Lotfi, Evina chief executive officer.

Fraud on mobile is growing and the many anti-fraud solutions available are, in fact, not suited to digital monetisation as they block genuine conversions and slow down or complicate user paths.

"Once again, we see that mobile fraud doesn't have borders. The only way we will stamp out the fake clicks and installs that threaten the profitability of the world's entire mobile ecosystem is to implement effective anti-fraud technology at API level," explains Lotfi.

Read more
Daily newsletter