French anti-fraud solutions provider Evina has unmasked malware on the GooglePlay app store that has been downloaded over 285 000 times by mobile users in 11 African and European countries.
The malware dubbed ‘Venus’ has been detected in eight apps so far and takes the form of a family of Trojan bots that have now made their way into Belgium, France, Germany, Guinea, Holland, Morocco, Poland, Portugal, Senegal, Spain and Tunisia.
Of the eight Venus malware apps that were discovered by Evina, only one has been removed from the PlayStore after being downloaded over 100 000 times. Evina’s advice for mobile users is to avoid flashlight, scanner and wallpaper applications.
The purpose of the Venus malware that has been attacking users since October is to stimulate interaction with adverts and subscribe to premium services without the mobile user noticing. “The user’s browser is invisible during the interaction which makes this latest global mobile fraud particularly effective,” says Maxime Ingrao, Evina Security Analyst.
Evina helped penetrate the veil of secrecy around Venus by building a honeypot around a network of 3G SIM card proxies. It was soon noticed that data allowances were being rapidly consumed by certain apps.
Codes of the apps were analysed by Evina engineers who soon encountered protected as well as missing files which together create a suspicious combination. Embedded URLs and javascript commands redirect to premium services and to sites containing ads from where the fraudsters are remunerated.
Fortunately, even protections against reverse engineering were not enough to protect the fraudulent code from eventual discovery by Evina’s mobile sleuths.
“This bot family are super smart as they never attack on the first day of installation and wait for the right time to launch more than one invisible browser,’ Mr Ingrao adds.
Evina is a Paris-based scale-up that spent over a decade developing Evina DCBprotect, now the world’s leading telecoms payment protection.
Anecdotal evidence suggests that fraudulent payments on mobile phones is on the rise.
“By ensuring secure mobile payment, we are ensuring the long-term sustainability of mobile monetisation” says David Lotfi, Evina CEO.
Fraud on mobile is growing and the many anti-fraud solutions available are, in fact, not suited to digital monetisation as they block genuine conversions and slow down or complicate user paths. Evina’s team are experts in detecting and blocking genuine fraud while ensuring a smooth payment flow. The user experience is preserved while customer complaints are reduced and conversation rates are increased.
“Once again, we see that mobile fraud doesn’t have borders. The only way we will stamp out the fake clicks and installs that threaten the profitability of the world’s entire mobile ecosystem is to implement effective anti-fraud technology at API level,” explains Mr Lotfi.
In this regard, Evina is helping secure mobile end-users while enabling business growth for Mobile Network Operators (MNOs) by protecting over six million transactions every day.
Evina’s DCB technology is live in over 40 world markets where it specifically provides merchant and payment gateways with proprietary technology dedicated to preventing malicious apps from making payments.
Evina’s mobile advertising solution furthermore blocks fraudsters attempting to create fake clicks and installs across the entire digital advertising value chain.
“Our solutions mean trust reinstated for the end users who are the bread and butter of the mobile industry while operators, aggregators, merchants and ad networks all benefit from new business opportunities free of illegal activity,” concludes Mr Lotfi.