In a recent Android security breach, millions of users have been secretly charged through a malicious third-party keyboard app. The app signed up users for various premium subscription services without their consent.
The nefarious app, “ai.type” is a customizable Android third-party keyboard app developed by Israeli firm “ai.type LTD”. It is described as “Free Emoji Keyboard” and has been downloaded by over 40 million users already.
The app has been struck down from the Play Store in June this year by Google, but it is still there in the devices of millions of users, posing a threat to financial losses.
Upstream Security’s mobile security platform, Secure-D has discovered the security breach and said the app has been sending millions of invisible ads and fake clicks in addition to real user data about clicks and purchases to different ad networks.
Secure-D has so far blocked duplicitous transactions worth of $18 million out of which 14 million transactions relate to 110,000 Android devices only. The affected users are spread across 13 countries, though the fraud has hit users more in countries like Egypt and Brazil.
The Free Emoji Keyboard app is one of the many fake apps discovered on Google Play platform of late. The search giant had only recently taken down as many as 15 malicious apps from the Play store.
The Upstream Security has advised all those who have installed the Free Emoji Keyboard to remain vigilant about its wayward behavior, especially when there seems increased data usage. If not necessary, the app should be uninstalled at best on suspicion.
Third-party apps, in many cases, are exploitable with malicious codes such as ransomware and adware. So, it is always advisable that users should only download apps from trusted sources and developers to avoid any security breach. Also, the apps which are only needed should be kept in the smartphone.