VivaVideo is a top-rated video editing app for Android devices that has been caught initiating premium subscription attempts, delivering invisible ads to users while avoiding detection. Since early 2019, Secure-D detected and blocked over 20 million suspicious mobile transactions, originating from the VivaVideo Android app.
If not blocked by Secure-D, every transaction attempt could have triggered premium services purchase, costing users in 19 countries over $27 million in unwanted charges.
Most of the suspicious activity took place in Brazil (over 11.5 million mobile transactions) as well as Indonesia, Egypt, and Thailand.
VivaVideo is a freemium Android app, offering basic video production features — editing tools, effects, music overlays and more.
With the rising popularity of Instagram stories, reels and TikTok videos, VivaVideo had no issues with amassing a huge user base, lured in with simple and seemingly free video editing tools and filters.
The app has over 100 million installs and a 4.2 rating on Google Play, based on over 12 millions reviews. The listed app developer, QuVideo Inc, is based in Hangzhou City, China.
Previously, the VivaVideo app came on the security radar for using spyware software components to collect user data without their knowledge as several external audits confirmed. Our investigation uncovered further problematic behaviors that the app exhibited on infected devices.
VivaVideo has long been topping the list of suspicious apps on the Secure-D index, so Secure-D’s research team jumped on the opportunity to investigate further.
Upon analyzing the initial monitor logs for the app, the Secure-D team decided to further investigate the nature and scale of the fraudulent activities VivaVideo app was performing in the background.
Secure-D researchers acquired two infected devices from real users (a Samsung Galaxy SM-G930F and a Galaxy J1 Ace SM-J111F) and placed them under scrutiny in our lab to reverse-engineer the fraud pattern.
Hidden premium subscription attempts
During the course of the investigation, the Secure-D team witnessed real-time subscription attempts that VivaVideo v7.3. was trying to execute without any user intervention or authorization. Secure-D found evidence of such attempts on infected devices by analyzing the network logs as pictured below:
Service Name: KidZone
Service URL: http://doi.mtndep.co.za/service/6307
Disclaimer Ghanabanews is not responsible for the reportage or opinions of contributors published on the website. Send your news stories to firstname.lastname@example.org and via whatsApp on +233243359263/0276359263