Returning rogue weather app continues mobile ad fraud

27 September 2019


A weather forecasting app from Chinese company TCL Communications has once again been caught making digital purchases of premium services without the knowledge of the phone’s owner. It is the second time the app has been exposed for this activity.

First caught in January 2019 by mobile technology company Upstream to be triggering false premium transactions and, at the time, secretly harvesting consumer data, the app – called Weather Forecast: World Weather Accurate Radar – is preinstalled on specific Alcatel phones and also available on Google Play Store. Following the revelation by Upstream the app immediately ceased its background activity and was withdrawn from the Play Store[1].

However, after an idle two-month period and despite the earlier exposure, Upstream says its Secure-D mobile security platform combating advertising fraud detected and blocked some 34 million fresh suspicious transaction attempts from Weather Forecast. The weather app, the version preinstalled on Alcatel Pixi4 devices, this time around and in just six months attempted to subscribe nearly 700,000 mobile consumers to premium digital services without their knowledge.

Revealing the rise of the fresh attacks, Upstream CEO Guy Krief said: “It seems lightening does strike twice. This weather app has lain low until the storm passed before returning to its old ways – with a spike in its rogue behavior just a couple of months after it was reported and continuous suspicious activity in deliberate regulated volumes to continue siphoning funds but still go unnoticed. Repeat malware offenders are quite common as data available from Secure-D’s blocks reveals. Unchecked, these apps can create billions of dollars of fraudulent advertising revenue while seriously impacting consumers’ pocket and mobile service experience by eating up their data, incurring unwanted charges and affecting the performance of their phones.”

Upstream is advising Pixi4 Alcatel device owners to check their phones for unusual behavior. Users should regularly check their phones and remove any reported malware. They should also check their bills for unwanted or unexpected charges for accessing premium data services and to look out for signs of increased data usage which could indicate a malicious app is consuming data in the background. To help check for malicious mobile apps, Upstream launched the Secure-D Index earlier this year. A free-to-use malware detection center, the Secure-D Index lists suspicious mobile apps that the company has blocked around the world.  

Source: Press Release