VidMate, a popular Chinese Android app, is allegedly triggering ‘suspicious background activity’ which could be affecting more than half a billion users.
According to Upstream, a mobile technology company, the app contains hidden software that delivers invisible ads, generates fake clicks and purchases, installs other suspicious apps without consent, and collects personal user information. As a result, it means that users can take a hit to their data allowance and be levelled with unwanted charges.
VidMate is an app for streaming and downloading videos and songs from services such as YouTube, Dailymotion, and Vimeo. However, it is not available via Google Play and is only distributed by third-party app stores.
Upstream says it used its security platform, Secure-D, to detect and block almost 130m suspicious mobile transactions initiated by VidMate – with transactions originating from nearly 5m unique mobile devices across 15 countries and worth a cost of up to $170m in unwanted charges.
43m of the suspicious transactions were flagged as coming from Egypt, while there were 27m from Myanmar, 21m from Brazil, 10m from Qatar, and 8m from South Africa. Ethiopia, Nigeria, Malaysia, and Kuwait were also among the top affected nations.
“Mobile advertising is a multi-billion-dollar industry on the rise and a very fertile ground for fraud,” said Guy Krief, Upstream CEO. “The VidMate example, whereby a single app is responsible for 130m suspicious transaction attempts over a few months, is cause for great concern. The growing sophistication of disguised malware calls for an ever more vigilant approach. In the fight against digital fraud ongoing technological innovation is key.”