We’ve all heard it before, “don’t download third party apps from an App Store” since most of them are malware ridden. But, only a few of us actually follow the advice, speaking of which, in a recent security breach, millions of Android users have faced unwanted charges because of a third party keyboard application. This keyboard app secretly signed up its users for a purchase of premium digital services without their knowledge.
The app, named, “ai.type”, is a customisable Android third-party keyboard app which was downloaded by over 40 million users and led to millions of transactions that were unasked for by the users of the app. It’s developed by an Israeli firm “ai.type LTD” and the app is described as a “Free Emoji Keyboard”. Also, although the app had been removed by Google from the Play Store in June 2019, it still resides on millions of Android devices and is available on Android marketplaces.
The findings of the breach have been disclosed by Secure-D, a mobile security platform by leading technology company Upstream. The app has been reportedly delivering millions of invisible ads and fake clicks while also delivering real user data about views, clicks and purchases to different ad networks. Also, $18 million of fraudulent charges from the app have been blocked by the malware security platform Secure-D, given that it blocked over 14 million suspicious transaction requests from only 110,000 unique devices. Although this security breach was recorded across 13 countries, it was observed to be particularly high in Egypt and Brazil.
Upstream has advised all its customers who have downloaded the free “emoji keyboard” to analyze their phones for any kind of peculiar behavior. Furthermore, users should keep tabs on their phones and looks for signs of malware such as increased data usage.
In a digital age that we live in today, it’s all too common for hackers to probe into our private data with the help of advanced hacking techniques and methods. This is why we must make ourselves more digitally aware to mitigate and prevent such consequences of a modern day cyber attack.