Mobile malware and airtime theft are much more common in Africa than anyone thought, it turns out.
Nearly 1.7 million mobile subscribers are infected with malware in South Africa alone, according to full-year data from 2019 by mobile security expert Secure-D.
Once activated, mobile malware forms part of a botnet, a network of infected devices controlled remotely at scale by a 'bot-herder'.
Now you see it: Airtime fraud and malware is a far bigger problem than previously thought. (Source: Wayan Vota on Flickr CC2.0)
It's increasingly common for smartphone malware to drive bogus traffic through banner ads. The fraudsters then claim pay-outs for the traffic.
This mobile advertising fraud market is worth more than $40 billion annually, says Secure-D's managing director Geoffrey Cleaves.
Among the most common apps doing this are ones called SHAREit, a transfer app for online videos, and a video editor called VivaVideo.
Fully 86% of mobile transactions processed in South Africa in 2019 were fraudulent, says Secure-D.
It found 24,000 malicious apps infecting more than two million mobile devices in the first eight months of 2020.
Johannesburg-based mobile telecoms company MTN Group has a security flaw allowing rogue application providers to secretly sign up users to content services and steal their airtime, says the South African tech website MyBroadband.
Click fraud malware also has been found pre-installed on smartphones made in Shenzhen by Africa's largest smartphone maker, Transsion Holdings. Transsion overtook Samsung in 2017 and leads Huawei.
The news is more worrying as Transsion's smartphones, including the Tecno, Itel, and Infinix brands, especially target users with more limited budgets.
Victims of airtime fraud will see their airtime and internet data deplete faster than usual, but won't necessarily know why.
South African mobile phone company Vodacom suspended one of its main partners, Mondia Media, for airtime theft earlier this week. Mondia Media nonetheless continues to work with Vodacom as a technology and platform supplier.
Hi Africa, California calling
Like all good trends, airtime fraud began in California.
Ordinarily, stolen mobile phones are cut off when attempting to place a telephone call.
But in the early 1990s, hackers figured out how to manipulate stolen mobiles to give a signal indicating they were roaming mobiles from overseas, entitled to unlimited telephone calls for $40 an hour.
The hackers would then sell this airtime on.
Zombie phones, in the current version of this fraud, not only use up their owners' data clicking on banners, but can unwittingly sign them up for ringtone and wallpaper services costing five to ten rand a day (23p-46p, or $0.30-£0.60).
Small amounts, but hitting many of Africa's poorest in the pocket. And netting billions of rand for the fraudsters.
— Pádraig Belton, contributing editor, special to Connecting Africa