A weather forecast app that comes pre-installed on Alcatel smartphones is loaded with malware that secretly sends personal data to a server in China.
According to an investigation by Upstream’s Secure-D, the app was found collecting geographic locations, email addresses, and IMEI codes, and sending all of this user data to China. The app holds a number of privacy-invasive permissions on the device.
The app was developed by TCL, the Alcatel brand licensee, and is also available on the Google Play store. So far it has been downloaded more than 10 million times and holds a decent user rating of 4.4.
“As soon as the device was placed in the “sandbox”, the application also started – in the background (i.e. not visible to the user) – accessing web pages with digital ads. A specific url (https://traffic.tc-clicks.com/?p=6070&media_type=adult&click_id=2-35d4a42fc0e859aac674a67115e9df9e_1536072819&pi=122 of the domain traffic.tc-clicks.com) was being continuously requested by the app, which in turn was redirecting to web pages with digital ads. The application was then clicking the buttons on those pages, without user interaction nor consent,” Upstream wrote on their blog.
The malware mostly affected users in Brazil, Kuwait, and some countries in Africa.
“We recorded 50MB to 250MB of data per day being consumed by the application’s unwanted activity,” researchers said. That data consumption incurs financial losses for victims.
Meanwhile, Google has removed the app from the Play Store after the Wall Street Journal and Upstream notified TCL and Google officials.
“The suspicious activity stopped after the WSJ contacted TCL,” an Upstream spokesperson told ZDNet, “although the data collection continued.”