• Follow us

Internet

Popular cloud storage app hides a rather nasty surprise **updated with comments**

4Shared sent us the comments below.

"As an app developer 4shared has never been involved in any kind of fraudulent activity and had not been aware of such activity from the side of Elephant Data Ltd. until July 1, 2019. As of today 4shared has no ongoing cooperation with Elephant Data, and in the light of the released security research and allegations against Elephant Data's ad fraud, the company has already taken all possible measures to minimize further damage to the users of its old app, no longer available in Google Play. 4shared recommends users to uninstall the old, and install the new 4shared application for Android OS, - as soon as possible."

Mobile technology company Upstream has discovered that the popular app 4shared has been triggering suspicious background activity on Android devices by delivering invisible ads, generating fake clicks and carrying out purchases of premium digital services while reporting real views, clicks and purchases to ad networks.

The firm's security platform, Secure-D, managed to detect and block over 114m suspicious mobile transactions initiated by the app originating from 2m unique mobile devices across 17 countries.

If Upstream had not blocked these transactions, they would have subscribed users to premium digital services, potentially costing them up to $150m in unwanted charges. The suspicious activity, which is still ongoing, is mostly centered in Brazil while Indonesia and Malaysia were the other top affected markets.

Upstream's CEO Guy Krief provided further insight on the company's discovery, saying:

“The growing sophistication of disguised malware in the form of seemingly benign and quite often very popular applications together with the scale of the issue can no longer be ignored. No entity in the mobile ecosystem remains unaffected. From app developers, ad networks and publishers, to advertisers malware is putting a dent in both their credibility and earnings. Mobile operators, more often than not, are taking the blame while consumers not only remain widely unprotected and unwarned but are called to foot the bill. Mobile ad fraud, a $40 billion industry, will reign unchallenged unless increased mobile security rises up in the industry’s priority list”.

4shared

4shared is a popular and highly-ranked Android app that allows users to store and share video and audio files. The app has generated over 100m downloads on the Play Store and is ranked second in its category in Austria, 7th in Italy and 10th in Switzerland.

Back in April of this year, the app was abruptly removed from the Play Store and the replaced the following day. Instead of updating the app, its developers submitted an entirely new app which kept the original 4shared icon. The new app has already been downloaded over 5m times and it does not contain any of the code responsible for the suspicious activity. However, over 100m users who installed the old version of 4shared remain affected.

The Secure-D investigation found that the old 4shared app contains Software Development Kits (SDKs) with embedded and obfuscated hard-coded links to Command & Control servers that access online ads via a series of redirections. A JavaScript file is then downloaded by the app that triggers automated clicks and sets cookies to determine whether a “click” has already been made for a specific ad in the past.

The app also sends personal data to several servers located in the British Virgin Islands and the US after receiving user consent. Secure-D also discovered that 4shared is attempting to mask its identity while conducting suspicious activity by assuming the names of legitimate apps.

If you have 4shared installed on your device, it is recommended that you uninstall it immediately and those who wish to learn more about the incident can read the full report on the investigation.

Read More



Leave A Comment

More News

Latest ITProPortal news

What is ransomware? Everything you need to know 2019-06-18 09:59:40Ransomware: What’s new 18/06 - NEWS - GandCrab ransomware is no more - Victims can now decrypt files, and it seems as new versions won't be com

Samsung tells users to check their smart TV 2019-06-18 08:00:04Security experts are baffled.

GandCrab ransomware is no more 2019-06-18 07:30:10Victims can now decrypt files, and it seems as new versions won't be coming.

Workers are ready to ditch passwords 2019-06-18 07:00:53Needing to remember multiple passwords makes many anxious.

ITIL 4 has finally arrived. Is it enough 2019-06-18 07:00:02Rather than attempting to rewrite the ITSM playbook, the latest iteration of ITIL has instead been packaged as more an expansion on the previous gener

UK data regulator says its own site doesn't 2019-06-18 06:30:55ICO is in the process of urgently updating its website.

Artificial intelligence: The game changer for businesses 2019-06-18 06:30:15Many people are unsure about the relevance of AI in terms of business encounters.

Does consolidation help or hinder the internet? 2019-06-18 06:00:19To understand how a consolidating Internet economy may shape the Internet’s future is to recognise that this trend goes beyond products and serv

US chipmakers are lobbying to reverse Huawei ban 2019-06-18 06:00:15Huawei is not the only one losing out after blacklisting.

Is having an app still a choice for 2019-06-18 05:30:53Having an app is a great choice for your SaaS startup, so we are going to discuss the potential benefits in our article.

Four key considerations on AI enabled IT service 2019-06-18 05:00:20CIOs need clarity about what AI is and is not when it comes to ITSM.

Data literacy – the foundations of business success 2019-06-18 04:30:03Innovation in data technology is helping businesses make better use of the ever-growing volumes of data they generate.

TechRadar: Internet news

Jamaica vs USA live stream: how to watch 2019-07-03 18:41:42Reggae Boyz out to make their third consecutive Gold Cup final as they face the USMNT. Check out our Jamaica vs USA live stream guide for all your wat

Symantec reportedly in Broadcom takeover talks 2019-07-03 17:04:33Broadcom may be looking at Symantec deal following last year's CA Technologies acquisition

Chile vs Peru live stream: how to watch 2019-07-03 16:56:12Who will win the 'Pacific derby' and join Brazil in the 2019 Copa América final? Check out our guide for your Chile vs Peru live stream.

Parallels and Winzip developer Corel acquired 2019-07-03 16:47:45Investment equity firm KKR snaps up Corel less than one year after Parallels deak.

The best VR laptops: these notebooks are ready 2019-07-03 16:24:29Don't have room for a VR gaming PC in the house? Then you're going to need a powerful laptop.

Copa América 2019 live stream: how to watch 2019-07-03 15:51:00The last four in Brazil and a classic encounter beckons. Read our guide for your 2019 Copa América live stream options as we enter the semi-fin

The best gaming monitor 2019: the 10 best 2019-07-03 15:49:44With the best gaming monitors, your games will come alive in ways you can’t even imagine.

The best Chromebooks 2019 2019-07-03 15:33:50We've searched far and wide for the best Chromebooks you can buy, always up to date and thoroughly tested.

The best PC gaming headsets 2019 2019-07-03 15:20:26The best gaming headset brings your game audio to life and won't cramp your ears after long play sessions. Here are the top 15 headsets we've tested

Netherlands vs Sweden live stream: how to watch 2019-07-03 14:58:58It's all or nothing in the second 2019 FIFA Women's World Cup semi-final. Don't miss a kick with our Netherlands vs Sweden live stream guide.

Best gaming laptops 2019: the 10 top gaming 2019-07-03 14:40:15The best gaming laptops you can buy, always up to date with the latest hardware configurations.

Popular cloud storage app hides a rather nasty 2019-07-03 14:35:43Upstream has blocked over 114m suspicious mobile transactions.

ExtremeTech » Internet

SpaceX Lost Contact With 3 Starlink Satellites 2019-07-01 14:32:03Losing three satellites in a matter of weeks doesn't sound great, and indeed, it would be preferable if none of them failed. However, SpaceX CEO Elon

Udemy Class Review: Rocket Engineering and Interstellar Space 2019-07-01 13:02:48Udemy’s Rocket Engineering and Interstellar Space Propulsion course provides a considerable amount of information on both topics crammed into a

Microsoft Adds Tracking Prevention to Latest Chromium Edge 2019-06-28 14:07:34The latest feature to appear in a pre-release build is tracking prevention. You'll have to tinker with the settings to turn it on, but the process sh

How Shipping a Huawei Phone Via FedEx Made 2019-06-26 16:11:42How a Huawei phone and a FedEx delivery turned into an international incident. The post How Shipping a Huawei Phone Via FedEx Made International News

Udemy Class Review: The Foundations of Computer Design 2019-06-26 11:01:13We look at Udemy's The Foundation's Of Computer Design course to see how well it performs its job of teaching the basics of computer design. The pos

Firefox Zero-Day Used to Install Mac Malware 2019-06-21 17:43:28Mozilla issued an emergency Firefox patch earlier this week, citing a dangerous zero-day exploit. Because it believed hackers were exploiting the flaw

‘Reset’ Nest Cams Could Still Send Video to 2019-06-21 08:36:26The Wirecutter confirmed with a Nest Cam that, yes, Wink retains access to the camera after a reset. This is the case even if someone else sets up the

A Rogue Raspberry Pi Let Hackers Into NASA’s 2019-06-20 12:26:28NASA’s Jet Propulsion Laboratory (JPL) works with some of the most advanced technology in the world including Mars rovers and space telescopes.

Mozilla Issues Emergency Zero-Day Firefox Patch 2019-06-19 15:50:22Mozilla advises all Firefox users to update to the latest version of the browser as soon as possible. The company has just become aware of a zero-day

Protect Your Online Privacy With the 5 Best 2019-06-17 12:21:48Investing in a VPN is a smart choice right now, but the options are vast. To help narrow things down a bit, we've rounded up five of our very favorit

People Aren’t Patching for the BlueKeep Windows Exploit, 2019-06-06 13:32:22Now even the NSA is getting worried that the so-called BlueKeep flaw could result in a dangerous worm that spreads across the globe, wreaking havoc on

Microsoft Says Forced Password Resets Don’t Improve Security 2019-06-04 13:07:28For decades, the baseline password practices Microsoft provided to customers suggested forcing employees to change their passwords every 60 days. Acco


Disclaimer and Notice:WorldProNews.com is not responsible of these news or any information published on this website.