Secure-D discovers same developer code as seen in Vidmate case responsible for 70 million suspicious transactions in just six months
London, October 17th, 2019 – Snaptube, a popular Android smartphone video app which claims some 40 million users, has been caught making millions of suspicious transactions without the knowledge of its users. The Snaptube app features the same piece of developer software code, Mango SDK, that was at the center of the Vidmate exposé earlier this year, when another popular video app from a Chinese developer was found to be conducting mass-scale advertising and premium services’ subscription fraud. Snaptube also displays a common traffic pattern, and URLs and domains similar to those reported with Vidmate.
Specialist mobile technology company Upstream – whose Secure-D platform is used by operators to safeguard digital transactions by detecting and blocking mobile fraud – has revealed that in the last six months its security platform blocked 70 million potentially fraudulent transactions triggered by the Snaptube app.
Unchecked, the company estimates these transactions would have cost the 4.4 million consumers whose devices were affected more than $90 million in unwanted charges from premium digital services.
“Only the app downloads and clicks on the adverts,” explained Upstream CEO Guy Krief, “nothing is shown on the handset screens. The video app is literally a screen for the suspicious background activity.”
Upstream tested its initial findings under laboratory conditions. The tests proved that the Snaptube app – developed by Chinese company Mobiuspace – was able to serve up and respond to advertising in the background without its users’ consent or knowledge.
“Under test conditions we found not just background advertising click fraud, but also countless examples of users being signed up for premium digital services or subscriptions even when the phone is not in use,” explained Krief. “No notifications appear on the screen whatsoever and the user has absolutely zero control.”
“Not only does Snaptube share similar characteristics and elements of software code as Vidmate,” Krief added, “it is also notable that the suspicious activity from Snaptube ceased soon after the publication of a media report about the Vidmate compromise.”
Upstream says that users in Brazil, Egypt, Sri Lanka, Malaysia and South Africa have been the most affected by the attacks, which are still ongoing.
“We are blocking new threats every day,” says Krief, “and we would advise anyone using the Snaptube app to carefully watch their phone bills and report to their operator any subscriptions or charges that they did not authorize.” Upstream advises users to delete an app from their phones if they see signs of irregular activity pointing to a suspicious application consuming data in the background.
Last year, Upstream’s Secure-D platform processed more than 1.8 billion transactions for mobile operators and in the process found some 30 million consumer devices affected by more than 60,000 malicious apps. Based on its findings, the company launched the Secure-D Index earlier this year - a free-to-use malware detection center that lists all the suspicious mobile apps that Upstream has blocked around the world.
For the full report on the investigation please click here.