New Android Warning: 40M Users Installed Video App Hiding Devious Malware—Delete Now


Here we go again—another popular Android app caught defrauding users on a huge scale. This is familiar territory now, although the numbers get bigger and more onerous. The app this time is SnapTube, a video downloader that lets users select YouTube and Facebook videos to play offline. The app’s developers claim more than 40 million users, and it has been installed many more times that that. The problem, it seems, is that while users are enjoying those videos, the app’s software is busy doing other things in the background—essentially defrauding both users and advertisers to generate material financial returns.

The disclosure against SnapTube has been made by researchers at Upstream, who say that their Secure-D platform detected and blocked “more than 70 million suspicious mobile transaction requests” from SnapTube installs on 4.4 million devices. And this was all inside a six-month period. Such fraud tends to run in bursts, and the team seems to have been monitoring the app at the right time.

According to Upstream, “SnapTube has been delivering invisible ads, generating non-human clicks and purchases… The ads are hidden from users as they do not appear on-screen.” Generating returns from adware or click fraud is one thing, but the report claims that SnapTube has gone further, to the triggering of premium calls and texts, and subscribing users to paid services. Upstream has calculated that this fraudulent purchase of “premium digital services” would have cost users up to $91 million.Today In: Innovation

SnapTube was developed by China-based Mobiuspace—which has pushed various apps onto Google’s Play Store. SnapTube, though, hasn’t made the Play Store grade. YouTube’s parent Google doesn’t appear too keen on video downloader apps for obvious reasons. But Mobiuspace still claims 40 million active users who have installed the app from third-party stores.

Upstream’s CEO Guy Krief described SnapTube as “literally a screen for the suspicious background activity. Under test conditions we found not just background advertising click fraud, but also countless examples of users being signed up for premium digital services or subscriptions even when the phone is not in use. No notifications appear on the screen whatsoever and the user has absolutely zero control.”