Report: Developing markets are suffering a mobile malware pandemic

Ryan Daws is a senior editor at TechForge Media, with a seasoned background spanning over a decade in tech journalism. His expertise lies in identifying the latest technological trends, dissecting complex topics, and weaving compelling narratives around the most cutting-edge developments. His articles and interviews with leading industry figures have gained him recognition as a key influencer by organisations such as Onalytica. Publications under his stewardship have since gained recognition from leading analyst houses like Forrester for their performance. Find him on X (@gadget_ry) or Mastodon (@gadgetry@techhub.social)


Anti-fraud platform Secure-D has released a report highlighting the mobile malware pandemic that developing markets are suffering.

The report is based on Secure-D’s processing of one billion mobile transactions and service sign-ups for 35 mobile operators in 23 emerging markets, helping to protect a total of almost 840 million users.  

Secure-D detected 46,000 malicious apps; with around one in six (16%) mobile devices in emerging markets carrying at least one. It’s a stark contrast to the global average of around one in 36 (2.6%).

Dimitris Maniatis, CEO of Secure-D developer Upstream, says:

“The disruption from the pandemic has resulted in a sudden surge of online activity for business, schooling, entertainment, and socialising. This has, in turn, caused a spike of fraudulent activity from bad actors looking to exploit the situation.

The digital divide has left users in emerging markets particularly vulnerable, not only because they depend on tools like direct carrier billing, but because their mobile devices are often their only gateway into the online world.”

Pre-installed system apps feature heavily in the top ten malicious apps and often come with low-end Android handsets that are favoured in emerging markets.

The highest infection rates were detected in Indonesia, where over 99 percent of mobile transactions were flagged as fraudulent. Brazil was in second place with a 96 percent rate, and Thailand a close third at 92 percent.

Secure-D prevented approximately  $1.3 billion in losses across the 23 markets.

“One example of how malicious apps operate is the ‘Best QR Code Scanner’, an app removed from Google Play, that triggered 15,997 transaction attempts from a single user’s mobile in Brazil in just one month,” comments Geoffrey Cleaves, Head of Secure-D at Upstream.

Google Play remains the safest Android app marketplace but is far from immune to distributing malware-infected software with 29 percent of the apps still going undetected, and just seven percent being removed.

Radio player app “com.android.fmradio” carried out the most fraudulent transactions over the period, responsible for a whopping 99.8 million and infecting 356,270 devices globally. The app has since been removed from Google Play.

However, the most suspicious app category now on Google Play is “Games”—which surpassed the “Tools and Personalization” category that was previously most-favoured by fraudsters in 2019.

Threat actors are shifting their attention to the increasing adoption of third-party app stores where 71 percent of malware-infected apps are available. This represents a sharp increase from 49 percent just a year prior.

“As more of our life and work goes online, security will need to become an integral part of any digital offering and not an optional add-on feature,” continues Maniatis.

“Combating fraud especially in developing regions will ensure the mobile ecosystem retains its integrity and profitability and can keep providing communities with an essential and valued service.”

(Image Credit: mohamed Hassan via Pixabay)

Interested in hearing industry leaders discuss subjects like this? Attend the co-located 5G Expo, IoT Tech Expo, Blockchain Expo, AI & Big Data Expo, and Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London, and Amsterdam.

Tags: , , , , , , , , , , , , ,

View Comments
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *