More than 114 million suspicious mobile transactions initiated by 4shared recently blocked by Upstream's Security Platform in 17 countries

4shared delivers invisible ads to mobile devices, incurs unwanted charges

Upstream, a leading mobile technology company, reports that high-ranking Android application 4shared with over 100 million downloads triggers suspicious background activity. The app delivers invisible ads to the device, generates fake clicks and carries out purchases of premium digital services, while reporting real views, clicks and purchases to the ad networks.

Over a recent period, Upstream's security platform, Secure-D, detected and blocked more than 114m suspicious mobile transactions initiated by 4shared. These transactions originated from 2m devices across 17 countries. If not blocked, they would have subscribed users to premium digital services potentially costing them up to $150m in unwanted charges. Most of the, still ongoing, suspicious activity was mostly centered in Brazil. Other top affected markets include Indonesia and Malaysia.

Guy Krief, CEO of Upstream, commented: "The growing sophistication of disguised malware in the form of seemingly benign and often very popular applications together with the scale of the issue can no longer be ignored. No entity in the mobile ecosystem remains unaffected. From app developers, ad networks and publishers, to advertisers malware is putting a dent in both their credibility and earnings. Mobile operators are taking the blame while consumers remain widely unprotected and unwarned and are called to foot the bill. Mobile ad fraud, a $40 billion industry, will reign unchallenged unless mobile security rises up in the industry's priority list".

4shared is a popular, highly-ranked Android application allowing users to store and share video and audio. The app generated over 100m downloads from Google Play ranking second in its category in Austria, 7th in Italy, and 10th in Switzerland. In April, it was abruptly removed from Google Play, then replaced the following day. The new version has been submitted as an entirely new app not a version update -keeping the original 4shared icon. As of June 21st, there have been more than 5m installs of the 'new' 4shared on Google Play, free from the suspicious code, unlike the 100m previous app users that remained affected. 4shared is developed by Ukrainian firm New IT Solutions Ltd.

Secure-D found that 4shared contains Software Development Kits with embedded and obfuscated hard-coded links to Command Control servers that access online ads via a series of redirections. They then download and load a JavaScript file that triggers automated clicks and sets cookies in order to determine whether a "click" has already been made for a specific ad in the past. The application also sends personal data to servers located in the British Virgin Islands and the US upon user consent.

4shared is only one single case; Secure-D detects more than 170 new malicious apps every day. With the mission to combat mobile fraud, protect subscribers and safeguard mobile operators, Secure-D is building the trust of mobile users and supports them in becoming fully engaged participants in the data era.

For the full report click here

