40 Million Users Installed Malware Hiding Video App: Remove Now

Popular Android App

Once again, a popular Android application has been caught in an extensive scam. It's a familiar scenario, but the numbers are growing larger and more costly. This time, the app is Xvideos Red, a video downloader that lets users choose YouTube or Facebook videos and play them offline. The app's creators claim that more than 40 million people have used it, and that it has been downloaded many times more than that. The issue, it appears, is that even as users are enjoying the videos, the application's software is working in the background, effectively defrauding advertisers and users for significant financial gain.

The findings about Xvideos Red were disclosed by Upstream researchers, who say that their Secure-D platform has detected and blocked “over 70 million suspicious mobile payments” coming from Xvideos Red installations on 4.4 million devices, all over a six-month period. This kind of fraud usually occurs in bursts, and the team appears to have been watching this app at the right moment.

In the words of Upstream, “Xvideos Red served invisible ads, creating purchases and clicks that are not human … Advertisements are invisible to users as they aren’t displayed on the screens.” Making money from adware and click fraud is one thing, but the report states that Xvideos Red has gone a step further by triggering premium calls and texts and by signing users up for paid subscriptions. Upstream estimated that these fraudulent purchases of “premium electronic services” could have cost users as much as 91 million dollars.

Xvideos Red was developed by the Chinese company Mobiuspace, which has pushed a variety of applications to the Google Play Store. Xvideos Red, however, isn't available on the Play Store: YouTube's parent company Google isn't enthusiastic about video-downloading apps, for obvious reasons. Instead, Mobiuspace says the app has 40 million users who downloaded it through third-party stores.

Mobiuspace has confirmed that the issue exists.

Upstream CEO Guy Krief described Xvideos Red as “literally a security screen to detect suspicious background activities. Under test conditions we discovered not just fraudulent background ad clicks but also a myriad of instances of people who were signed up for premium subscriptions or digital services even when the phone isn’t active. The notification is not displayed on the screen, and the user has no control over the situation.”

Upstream has revealed that it detected the Xvideos Red activity when the team spotted “extremely massive amounts of suspicious transactions coming from multiple countries, and coming via the identical Android application.” The team was able to identify “subscription confirmation SMS” messages sent to devices infected by the Xvideos Red malware, as part of fraudulently purchasing subscriptions without the user's knowledge.

Once suspicions were raised that malware was present, the team pulled the infected devices and analyzed their outbound and inbound network traffic. The analysis revealed that Xvideos Red “communicates via a Command and Control server to determine subscription services, and then tries to subscribe the user to these services.”

Xvideos Red attributed the malicious activity to the Mango SDK embedded in its application, software that was implicated in an earlier malware attack that targeted the Vidmate video application. In a story published by TechCrunch, a spokesperson for Xvideos Red claimed that the malware ran without Xvideos’s knowledge. “We did not know of the fact that Mango SDK was engaged in fraud that resulted in significant damage to our brand image. We swiftly reacted and terminated our collaboration with Mango. The versions we have on our official website and our distribution channels that are maintained are free from this issue.”

There were other patterns linking the two campaigns: when Vidmate was exposed, much of Xvideos Red’s activity stopped, but only for a few days. Xvideos Red has been involved in similar activities before. The Sophos team exposed fraudulent installations as well as clicks and ads in a report released in February. “When it was running Xvideos Red,” explains Sophos, “it generated over 200 network connections in less than 120 seconds without user interaction. Network traffic indicates that the application downloads additional ad plugins, sends personal and device data to other websites, and also generates unintentional redirects.”
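The Sophos figure quoted above (over 200 connections in under 120 seconds with no user interaction) can serve as a triage threshold over per-app connection logs. The following is an added example, not code from Sophos, Upstream or the original article; the log format, the package names and the use of screen state as a stand-in for user interaction are assumptions.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 120    # window size, from the figure quoted in the article
MAX_CONNECTIONS = 200   # connection count, from the same figure


def find_background_bursts(lines, window=WINDOW_SECONDS, limit=MAX_CONNECTIONS):
    """Flag apps opening more than `limit` connections within `window` seconds
    while the screen is off. Each line uses a constructed format:
    'epoch_seconds package dest_host screen_state'.
    Returns {package: (first_alert_timestamp, distinct_hosts_in_window)}."""
    recent = defaultdict(deque)   # package -> (timestamp, host) inside the window
    alerts = {}
    for line in lines:
        ts, package, dest, screen = line.split()
        ts = int(ts)
        queue = recent[package]
        if screen != "off":
            queue.clear()         # screen on: traffic may be user-driven, reset
            continue
        queue.append((ts, dest))
        while ts - queue[0][0] >= window:   # drop entries older than the window
            queue.popleft()
        if len(queue) > limit and package not in alerts:
            alerts[package] = (ts, len({host for _, host in queue}))
    return alerts


def sample_log():
    """Constructed sample data; all package and host names are hypothetical."""
    lines = []
    for i in range(210):   # 210 connections in 105 s, screen off
        lines.append(f"{1000 + i // 2} com.example.downloader ads{i % 7}.example.net off")
    for i in range(10):    # periodic mail sync, screen off
        lines.append(f"{1000 + i * 60} com.example.mail mail.example.org off")
    for i in range(300):   # heavy browsing while the user is active
        lines.append(f"{1000 + i // 3} com.example.browser site{i % 5}.example.com on")
    lines.sort(key=lambda entry: int(entry.split()[0]))
    return lines


if __name__ == "__main__":
    for package, (ts, hosts) in find_background_bursts(sample_log()).items():
        print(f"{package}: burst at t={ts}, {hosts} distinct hosts")
```

A hit is only a lead for review: legitimate sync or update bursts can cross the threshold, so the destination hosts should be inspected before acting on an alert.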

Krief’s suggestion for users is to “carefully keep track of phone bills and report any charges or subscriptions that they haven’t authorized to their service provider.” Upstream suggests users uninstall the app from their phones if they observe unusual activity suggesting that the app is behaving suspiciously and consuming data in the background.

My suggestion is to go a step further: if Xvideos Red is installed on your device, and you believe that offline YouTube and Facebook videos aren’t something you can’t live without, then uninstall the application. Once an app has been proven faulty, it is rare for the genie to go back into the bottle.

Mobiuspace Statement, October 21, 2019

Recently, news broke of suspicious activities in Xvideos Red, related to our partnership with a third party known by the name of Mango SDK, which allowed fraud in advertising that goes against our values and dedication to our users.

Since the 16th of August, after we discovered the issue was directly connected to the third-party SDK, we have taken immediate action and issued an update that has removed Mango SDK from later versions, and also sent messages to all users requiring them to upgrade to the latest version, by push and in-app notification.

There are also small-scale channels and developers who advertise older versions of our APK, or even counterfeit Xvideos Red, which we were unable to regulate or control. We’ve again made clear through numerous social media channels that the latest versions downloaded from our official site and several other major third-party app stores (such as UptoDown & Aptoide) that we personally manage include the update.

Although we are sad that the fraud did not come to a complete stop after a number of measures were taken to reduce the impact of the SDK on existing users, this could in part result from the SDK still running in the background for those who haven’t yet updated.

We are firmly committed to our fundamental principle of “creating value for our customers”, and using SDKs that expose our users to risk is something we will not accept. We’ve taken it one step further and taken all third-party advertising SDKs offline to avoid any further problems.
