3 years after the launch of the legendary Xiaomi Mi A1, Android One is dying

The VivaVideo app, with more than 100 million downloads, commits advertising and payment fraud, according to Secure-D



A famous video editing application has been caught committing serious fraud: VivaVideo would generate false advertising clicks, steal user data and, above all, would have collected more than 27 million unsolicited subscriptions.



It is not the first time that we see fraudulent applications in the Play Store and it will not be the last, there is no doubt that Google has a serious problem with detecting malicious software. Advertising fraud is becoming more and more common, as is the abuse of trial subscriptions. And there are applications that are repeat offenders, as with vivaVideo: this app was already caught integrating spyware in its code. Now its developers have gone further.






VivaVideo would try to subscribe the user without him knowing



Vivavideo


What the security firm Secure-D has discovered is enormous, not only due to the hidden activity of the application itself: VivaVideo is an extremely popular app that has been downloaded on more than 100 million Android and that, above all, it has an average of 4.4 stars. With these figures it is surprising that under the code it has a functioning dedicated to squeeze each user in the background.







We install a malware that "hack" our mobile: these are the permits that can be obtained without us noticing





As we said, the developers of VivaVideo have already been caught embedding spyware in the code to steal user data. That was in May of this year, almost six months before Secure-D analyzed the application's background behavior for discover multiple fraud attempts, all of them very serious.



Vivavideo


VivaVideo is a video editing app, its name says so. Even so it requires more permissions than necessary for the task, it also integrates in-app purchases to unlock full use of the software. The problem is that VivaVideo hides an advertising fraud from the user based on open ads in the background and simulate clicks, an attitude that Google is penalizing especially. And not only that: as they discovered in Secure-D, VivaVideo tries to charge small payments to its users to pay them to subscriptions with the intention of obtaining commission per affiliate. As a final straw, developers take advantage of the app to capture data from the phone.



VivaVideo would have loaded up to 27 million payments in subscriptions according to data obtained by Secure-D



As highlighted in Forbes, the security firm has put your discovery in the hands of Google, who is investigating it. Our advice is that if you installed VivaVideo, remove the application. Every precaution is always little.



Via | Upstream





Comments