Malicious Smartphone App Steals Data and Airtime from South African Customers


Who: Upstream 

No. of Accounts Breached: 27 million transaction attempts

What was affected: Alcatel smartphones. The background activity of a pre-installed weather app, invisible to users, was reportedly consuming up to 250MB of their mobile data daily.

When it happened: January 2019

How it happened: Upstream’s security platform, Secure-D, detected suspicious activity initiated by a weather application across multiple countries, most notably in Brazil and Malaysia, although South Africa was also affected. The application was named “Weather Forecast – World Weather Accurate Radar” and was pre-installed on Alcatel Pixi 4 and A3 Max devices, in addition to being available for download on the Google Play Store. When Secure-D tested the application, it found that the app was collecting and transferring users’ personal data to servers in China.

Outcome: Secure-D detected and blocked over three million fraudulent transaction attempts generated by the app across Brazil, Malaysia, Nigeria, South Africa, Egypt, Kuwait, and Tunisia. Despite its malicious behavior and background data usage, the app ranked among the top five weather apps in 30 countries, including in the UK and United States. After Upstream released its report, the app was removed from the Google Play Store.