Researchers have discovered that a weather app preinstalled on Alcatel smartphones contains malware that was used to silently subscribe the devices to premium phone numbers.
The problematic app is Weather Forecast-World Weather Accurate Radar and was developed by TCL Corporation.
TCL Corp is a Chinese electronics company that owns Alcatel, BlackBerry, and Palm.
The app comes preinstalled on most Alcatel smartphones, but researchers discovered that it was also available on the Play Store to all Android users, where it was downloaded and installed more than ten million times.
During a routine app malware analysis, researchers discovered that TCL’s app caused financial losses to all its users. For now, it is unclear how the malware ended up in the app, and so far TCL has not issued any statement regarding this major issue.
Remember, everything can be hacked. To stay protected against cyber threats, we recommend installing antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS the device is running. If you are a company, we also recommend hiring a specialized cybersecurity company every year to run annual tests on your company’s network. These tests include penetration testing and ethical hacking.
Beyond its main purpose, the app was harvesting users’ data and sending it to a server in China. The app collected all kinds of data, from geographic locations and email addresses to IMEI codes.
Besides this information-stealing behavior, researchers also found that, in certain countries, the malware hidden inside the app subscribed targeted users to premium phone numbers, which incurred large charges on their phone bills.
In Brazil, 2.5 million transactions were made from 128,845 unique mobile phone numbers, and another 428,291 premium digital service transactions were attempted from the app.
In Kuwait, 78,940 transactions were made from Alcatel devices, and an unknown number of further transactions were made from Nigeria, South Africa, Egypt, and Tunisia.
Some of those transactions were blocked, but others, which took $1.5 million from phone owners, were not.
The good news is that Google has removed the app from the Play Store and notified TCL.
For now, the source of the infection appears to be a TCL developer whose system was compromised.
We will continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your machine is running. If you are a company, we recommend hiring a specialized cybersecurity company every year to run annual tests on your company’s network; such tests include penetration testing and ethical hacking.