In the third quarter of 2020 there has been a consistent and significant increase in mobile malware activity with Asia at the epicentre, according to new data published by Secure-D, Upstream’s full-stack anti-fraud platform, which currently covers 30 operators in 20 countries.
The data shows that 97% of all mobile transactions in the region have been flagged and blocked as fraudulent.
More than half of the activity blocked was found in worst-hit Indonesia, where malicious app activity is skyrocketing. The top ten worst offending apps worldwide for the quarter appear to have a direct link with either the official Android app store or a specific handset manufacturer.
Indonesia in the spotlight
In Asia, where mobile malware soared during the third quarter of 2020, Indonesia saw 98% fraudulent transactions from a total of 164 million transactions processed. This represents 64% of all transactions Secure-D blocked around the world during Q3 2020. That’s five times the number the anti-fraud platform blocked in the country during the same period last year and three times bigger than the previous quarter of 2020.
In total, 310,000 users in Indonesia were found carrying malware-infected devices, equating to one fifth of all infected users Secure-D detected globally, and one third of those across Asia. The number of suspicious mobile apps in the country has doubled compared to Q3 2019, jumping from 3,129 to 6,288. This adds yet further evidence to the theory that bad actors are using the pandemic to take advantage of a relatively captive mobile userbase.
In Asia, Upstream’s full-stack anti-fraud platform is deployed with 11 operators across eight countries. Data for the penultimate quarter of 2020 shows that Thailand, United Arab Emirates and Malaysia have also experienced an increase in fraudulent malware activity. The number of suspicious transactions stopped due to fraud in Thailand stood at 7.2 million, out of eight million transactions processed. This is double the number for the same quarter last year. Malaysia saw a 30% increase in the number of transactions blocked, and the UAE experienced a 16% increase.
This rise in fraudulent activity isn’t simply down to the same users and apps pushing through more transactions. In Thailand, for example, the number of infected users has increased by 700% from 23,275 in Q3 2019 to 178,857 in Q3 2020. The number of blocked apps has also increased from 157 in Q3 2019 to 1,459 in Q3 2020.
Geoffrey Cleaves, Head of Secure-D at Upstream, commented: “An increasing number of people are opting to stay at home due to the pandemic, and many have become dependent on their mobile phones for entertainment, news and socializing. At Secure-D, we are noticing a sharp increase in malicious activity from bad actors publishing apps, even on the Google Play Store, that blindside users, purchasing subscriptions and premium content without their consent.”
Worst offending apps
Nine out of the top 10 worst offending apps of the third quarter of 2020, including Capping by Englory InterTech and the VivaVideo app, and 37 out of the top 50 offenders are or have, at some point, been available on Google Play.
In the top 10 list for Q3 there are also four apps published by MEIZU, a relatively low-cost Chinese Android mobile handset manufacturer. These four apps are: com.meizu.safe, com.meizu.assistant, com.meizu.flyme.weather and com.meizu.flyme.launcher.
The worst offending app is com.meizu.safe, triggering 35.7 million suspicious transactions. These four MEIZU apps combined are responsible for over 45 million suspicious transactions in the quarter, having infected the devices of more than 135,000 mobile users.
Rest of the world
Asia is not alone with respect to rising malware incidents. Russia is also suffering from an increase in fraudulent transactions, with the block rate (the number of transactions barred, divided by the number of transactions processed) rising from 66% in Q2 2020 to 94% in Q3 2020.
In South Africa, more than 460,000 infected users were detected in Q3, a 70% increase compared to the same period last year. In Ivory Coast, mobile malware spiked in comparison to the previous quarter, with fraudulent transactions jumping from 72,361 to 156,885. The number of malicious apps increased from 406 to 520, and the number of infected devices from 7,269 to 19,220.
More than 76 million transactions were identified and blocked in Brazil in Q3, a 77% increase on the previous quarter, while the number of suspicious apps detected rose by 30%, from 3,974 to 5,167.
This Q3 2020 data from Upstream is just the latest in a series of reports from the mobile technology company that point to a consistent and significant increase in mobile malware activity. Only last week the company’s mobile transaction anti-fraud platform released its investigation into VivaVideo, a popular video editing Android app, found performing more than 20 million suspicious transaction requests since early 2019 that could have cost users more than $27 million in unauthorized premium charges.