New research from Upstream has revealed that the popular Android app VidMate has been hijacking user’s smartphones to use additional data, incur unwanted charges and collect personal information.
Currently the app, which allows users to stream and download videos and songs from services such as Dailymotion, Vimeo and Youtube, has over 500m download reported and all of those users could potentially be at risk from fraudulent activity.
Hidden software within VidMate delivers invisible ads, generates fake clicks and purchases, installs other suspicious apps without consent and collects user’s personal information. The app also depletes users’ data allowance which can bring unwanted charges.
VidMate is not available in the Google Play Store and instead the app is distributed through third-party app stores such as CNET or Uptodown.
Upstream used publicly available information to uncover the fact that VidMate was developed by a subsidiary of UC Web which is owned by the Chinese cloud giant Alibaba.
The firm’s security platform, Secure-D, detected and blocked almost 130m suspicious mobile transactions initiated by VidMate. These transactions originated from close to 5m unique mobile devices across 15 countries.
Ethiopia, Nigeria, Malaysia and Kuwait were among the top affected markets likely due to how common digital payments via mobile are in these countries.
Upstream’s CEO Guy Krief provided further insight on the company’s findings, saying:
“Mobile advertising is a multi-billion dollar industry on the rise and a very fertile ground for fraud. The VidMate example, whereby a single app is responsible for 130 million suspicious transaction attempts over a few months, is cause for great concern. The growing sophistication of disguised malware calls for an ever more vigilant approach. In the fight against digital fraud ongoing technological innovation is key.”
- Protect your devices from the latest cyber threats with the best antivirus