Upstream has discovered that XOS Launcher, HiOS Launcher, Phoenix Browser, AHA Games, Cobo Launcher Easily DIY Theme are the five major apps infected by malware.
Upstream, a mobile technology specialist reported its full-stack anti-fraud platform found out that mobile users in Nigeria have been impacted by mobile malware during the COVID-19 pandemic.
In its report entitled “A Pandemic On Mobile- Mobile Ad Fraud and Malware”, Nigeria has 35 per cent low mobile internet penetration, tremendous growth potential but is a prime target for threat actors.
The insight gathered for Nigeria came from a 3- month sensor campaign that was aimed to determine fraud levels in the country which started from November 2020 to January 2021. During the study period, 415,000 mobile transactions and service sign-ups were processed.
Upstream’s Secure-D platform, detects and blocks threats on behalf of 35 mobile operators in 23 emerging markets around the world, during the 3-month period, 576 malicious apps are in use in Nigeria and are yet to be removed from the Google Play store.
It discovered that threat actors are increasingly turning their attention away from Google Play to other third-party app stores that are unregulated, and a total of 50 per cent of apps infected by malware went through Google’s official app storefront, a percentage much higher than the average 29 per cent in other countries.
The top five apps with suspicious behaviour that were blocked are:
- XOS Launcher
- HiOS Launcher
- Phoenix Browser
- AHA Games
- Cobo Launcher Easily DIY Theme
XOS Launcher, a popular phone customization app that claims to speed up handsets, was found present on 1,836 devices and 3,394 attempted fraudulent transactions were stopped. The app is still available on the Google Play store.
Globally, only 2.6% of devices are reported to be harbouring high-risk apps, signalling that some mobile markets are being disproportionately targeted by malicious actors.
Dimitris Maniatis, the CEO of Upstream stated that “Mobile users in emerging markets, especially in rural regions, tend to rely solely on their mobile devices to connect to the online world, something that has become essential during the pandemic.
These users tend to be digital novices, may access the internet for the first time, and use low-end Android devices. They are often unbanked, relying on their mobile phones to pay for goods and services. This dependency is making them more vulnerable to bad actors, especially throughout the health crisis, resulting in the high infection rates we have identified”
The pandemic has dramatically increased the risk of digital fraud, as more businesses and individuals turned to the internet for work, entertainment, shopping and socializing. During the past period, Gaming became the most popular app genre in the Google Play store for fraud, with 21% of all suspicious apps blocked coming from this category.
The top suspicious app of the period is “com.android.fmradio”, a radio player app, responsible for 99.8 million fraudulent transactions. The app has been removed from Google’s official app store.
Heavily featured in the top ten most malicious apps lists are system apps, which typically come preinstalled on low-end Android handsets, which are very popular due to their low price point. Freemium video apps such as SnapTube and VivaVideo are also main agitators in emerging markets.
To mitigate the impact of mobile fraud and protect users, especially in the world’s most vulnerable regions, Maniatis cites three key prerequisites: “Decisive self-regulation and market-wide vigilance on one side, and mobile network-level solutions that guarantee prevention through dedicated expertise and 24×7 monitoring on the other, are two essential parts of the solution.
As more of our life and work goes online, security will need to become an integral part of any digital offering and not an optional add-on feature”. He continues: “Combating fraud will ensure the mobile ecosystem retains its integrity and profitability and can keep providing communities with an essential and valued service”.
