Android keyboard ai.type caught attempting to make fraudulent purchases

unsplash-logoRami Al-zayat

An Android keyboard has been caught attempting to charge millions in fraudulent fees to unsuspecting users.

Artículo disponible en Español | Article disponible en Français

Applications infected with malware are not an unusual thing on Google’s Play Store. While the company performs a number of checks on each application, we regularly hear about how the internet giant blocked and removed dozens, if not hundreds, of applications from their store, due to a wide variety of reasons, such as breaking Google’s terms of service, although, in most cases, this was due to the applications requesting too many permissions to access as much user data as possible, as well as being involved in ad fraud in some way or another

It is also difficult to pinpoint the exact culprit. At times, the developers of the application are to be blamed, as they intentionally design their app this way to abuse the users’ trust. In other, isolated cases, it turns out the developers used code sourced from third parties to develop their app, with this external code containing the malware in question.

If we now focus on the subject of this article, an Android keyboard, ai.type (which was also available on iOS but with less popularity), which was downloaded over 40 million times, has been caught attempting to make fraudulent purchases for an estimated worth of up to 16 million euros, through the purchase of premium digital content, on top of showing advertisements in the background, performing ad fraud. The application was removed from Google’s Play Store at the beginning of last summer, in June 2019.

This information was revealed by Upstream’s security platform “Secure-D”, which, according to them, blocked over 14 million suspicious transactions coming from this Android keyboard, with most of the activity happening after the removal of the application from Google’s Play Store. It is likely the developers attempted to cash out while they still could, after having their app removed, having nothing to lose anymore. While the fraudulent activity increased after the removal of the app from Google’s store and lasted for most of the summer, Secure-D mentions the activity has now returned to levels before the removal, although slightly higher. The company does mention that they’ve been blocking all this activity since they started investigating ai.type, but users are advised to uninstall the keyboard regardless.

Users are also advised to keep an eye on announcements of this type, and regularly uninstall applications listed, mostly to keep their smartphones working properly. For instance, many of these applications will run constantly on the background, draining and overheating the battery, or slowing down the device overall. Others might also consume data in the background, which, for those with limited subscriptions, can be problematic.

Ironically, while working on a different article, we’ve crossed this keyboard on Huawei’s AppGallery, although it is now gone, likely removed by the smartphone manufacturer.