A weather app from Chinese company TCL Communications has once again been caught making digital purchases of premium services without the knowledge of the phone’s owner. It is the second time the app has been exposed for this activity.
First caught in January 2019 by mobile technology company Upstream to be triggering false premium transactions and, at the time, secretly harvesting consumer data, the app – called Weather Forecast: World Weather Accurate Radar – is preinstalled on specific Alcatel phones and also available on Google Play Store. Following the revelation by Upstream the app immediately ceased its background activity and was withdrawn from the Play Store.
However, after an idle two-month period and despite the earlier exposure, Upstream says its Secure-D mobile security platform combating advertising fraud detected and blocked some 34 million fresh suspicious transaction attempts from Weather Forecast. The version of the weather app preinstalled on Alcatel Pixi4 devices attempted to subscribe nearly 700,000 mobile consumers to premium digital services without their knowledge in just six months.
Revealing the rise of the fresh attacks, Upstream CEO Guy Krief said: “It seems lightning does strike twice. This weather app has lain low until the storm passed before returning to its old ways – with a spike in its rogue behavior just a couple of months after it was reported, followed by continuous suspicious activity in deliberately regulated volumes to continue siphoning funds while remaining below the radar. Repeat malware offenders are quite common as data available from Secure-D’s blocks reveals. Unchecked, these apps can create billions of dollars of fraudulent advertising revenue while seriously impacting consumers’ pockets and mobile service experience by eating up their data, incurring unwanted charges and affecting the performance of their phones.”
Upstream is advising Pixi4 Alcatel device owners to check their phones for unusual behavior. Users should regularly check their phones and remove any reported malware. They should also check their bills for unwanted or unexpected charges for accessing premium data services and to look out for signs of increased data usage which could indicate a malicious app is consuming data in the background. To help check for malicious mobile apps, Upstream launched the Secure-D Index earlier this year. A free-to-use malware detection center, the Secure-D Index lists suspicious mobile apps that the company has blocked around the world.
Secure-D is Upstream’s specialist solution used by operators to process mobile transactions and detect and block advertising fraud. Last year, the Secure-D platform processed more than 1.8bn transactions and found 30m consumer devices affected by some 63,000 malicious apps.
Guy Krief added: “The mobile advertising fraud market is worth some $40bn annually. Hiding within seemingly legitimate and often popular applications, undetected malware is damaging the industry’s reputation and leaving mobile operators and their consumers to pick up the tab. The scale of the problem can no longer be ignored, and security must become the mobile industry’s number one priority.”