Mobile Devices are Increasingly Infected with Malware and No One Seems to Notice

Mobile devices are increasingly likely to be infected with malware, especially in developing markets. The economic and technological gap that already exists between the social classes is being further widened by the COVID-19 pandemic. A 2021 report from Upstream shows that 16 percent of devices in markets like Brazil, Indonesia, South Africa and Thailand have processed fraudulent transactions from malware. The data from this report is based on Upstream’s Secure-D platform, which processed one billion mobile transactions from almost 840 million users in 23 emerging markets during the study period in 2020.

The report shows that the inspection of mobile devices during the pandemic is on a scale previously unsuspected. Analysts detected at least 46,000 malicious apps, although 95 percent of them were globally blocked. This finding means that about one device in six is carrying at least one infected app, although only 2.6 percent were carrying a high risk app. The fraudulent transactions that Secure-D blocked saved users in emerging markets an estimated $1.3 billion in 2020. These apps generally initiate transactions as quickly as possible in a brute force approach that relies on educated guesswork to determine the password. One app on Google Play attempted to execute a transaction 15,997 times in one month.


Emerging Markets

Upstream found the highest infection rates in Indonesia, where over 99 percent of all mobile transactions were blocked for being fraudulent. Brazil came in second place with a block rate of 96 percent, and Thailand was in third at 92 percent.

Mobile users in these areas primarily use their devices to connect to the internet. However, they’re often new to the technology and pay high data rates compared to those in developed markets. Millions of people in emerging markets also have no bank accounts, so they rely on mobile devices to buy goods and services. This combination of factors makes these users particularly vulnerable to malicious actors, who may be taking advantage of the current health crisis to increase infection rates.


Effects of COVID-19

These actors appear to be turning away from Google Play and towards third-party app stores that may be less secure. Upstream’s report shows that the rate of infection in app stores rose from 49 percent to 71 percent in one year. Google Play is one of the safest places to download Android applications, although even this legitimate app store has an infection rate of 29 percent. The dramatic increase in online activity resulting from COVID-19 is also a major cause of the increased infection rates.


Infected Apps

The most active malware observed during the reporting period was, which is a radio player app. It infected 356,270 devices in 2020 and was responsible for 99.8 million fraudulent transactions before Google Play removed it. System apps also appeared prominently in the list of suspicious apps, primarily due to the large number of these apps that are pre-installed on low-end Android devices. Video apps like SnapTube and VivaVideo are another common source of infection since they attempt to initiate premium subscriptions in emerging markets.


Botnet flickr photo by shared under a Creative Commons (BY) license