• Login
NORVANREPORTS.COM |  Business News, Insurance, Taxation, Oil & Gas, Maritime News, Ghana, Africa, World
  • Home
  • News
    • General
    • Political
  • Economy
  • Business
    • Agribusiness
    • Aviation
    • Banking & Finance
    • Energy
    • Insurance
    • Manufacturing
    • Markets
    • Maritime
    • Real Estate
    • Tourism
    • Transport
  • Technology
    • Telecom
    • Cyber-security
    • Cryptocurrency
    • Tech-guide
    • Social Media
  • Features
    • Interviews
    • Opinions
  • Reports
    • Banking/Finance
    • Insurance
    • Budgets
    • GDP
    • Inflation
    • Central Bank
    • Sec/Gse
  • Lifestyle
    • Sports
    • Entertainment
    • Travel
    • Environment
    • Weather
  • NRTV
    • Audio
    • Video
No Result
View All Result
No Result
View All Result
NORVANREPORTS.COM |  Business News, Insurance, Taxation, Oil & Gas, Maritime News, Ghana, Africa, World
No Result
View All Result
Home Technology Cyber-security

VivaVideo App stopped from stealing $27 million in 20 million transactions

5 years ago
in Cyber-security, Technology
4 min read
0 0
0
321
VIEWS
Share on FacebookShare on TwitterShare on Linkedin

VivaVideo is a top-rated video editing app for Android devices that has been caught initiating premium subscription attempts, delivering invisible ads to users while avoiding detection.

Since early 2019, Secure-D detected and blocked over 20 million suspicious mobile transactions, originating from the VivaVideo Android app.

If not blocked by Secure-D, every transaction attempt could have triggered premium services purchase, costing users in 19 countries over $27 million in unwanted charges.

Most of the suspicious activity took place in Brazil (over 11.5 million mobile transactions) as well as Indonesia, Egypt, and Thailand.

VivaVideo is a freemium Android app, offering basic video production features — editing tools, effects, music overlays and more.

With the rising popularity of Instagram stories, reels and TikTok videos, VivaVideo had no issues with amassing a huge user base, lured in with simple and seemingly free video editing tools and filters.

The app has over 100 million installs and a 4.2 rating on Google Play, based on over 12 millions reviews. The listed app developer, QuVideo Inc, is based in Hangzhou City, China.

RelatedPosts

Cyber Security Authority Flags Rising Mobile Data Scam, Cautions Public

New Standards for Economic Data Aim to Sharpen View of Global Economy 

Crypto Outpaces Traditional Finance: Fastest Growing Companies of 2025

Previously, the VivaVideo app came on the security radar for using spyware software components to collect user data without their knowledge as several external audits confirmed.

Our investigation uncovered further problematic behaviors that the app exhibited on infected devices.

VivaVideo has long been topping the list of suspicious apps on the Secure-D index, so Secure-D’s research team jumped on the opportunity to investigate further.

Threat Behavior

Upon analyzing the initial monitor logs for the app, the Secure-D team decided to further investigate the nature and scale of the fraudulent activities VivaVideo app was performing in the background.

Secure-D researchers acquired two infected devices from real users (a Samsung Galaxy SM-G930F and a Galaxy J1 Ace SM-J111F) and placed them under scrutiny in our lab to reverse-engineer the fraud pattern.

Hidden premium subscription attempts

During the course of the investigation, the Secure-D team witnessed real-time subscription attempts that VivaVideo v7.3. was trying to execute without any user intervention or authorization.

Secure-D found evidence of such attempts on infected devices by analyzing the network logs as pictured below:

Service Name: KidZone

Service URL: http://doi.mtndep.co.za/service/6307

Subscription cost: 4 ZAR/day (€0.21/day)

During subsequent monitoring, the Secured-D team also detected a fake advertisement click on an ad banner at 9:00 am, shortly followed by a subscription purchase attempt at 9:01 am. At that time the device was sitting unattended in the Secure-D lab.

In this case, the service purchase attempts were attributed to an affiliate network. If the purchase was successful, the advertiser would have been charged a commission fee by the network.

Fraudulent mobile apps are good at curtailing activity when being monitored

During the next step of the investigation, Secure-D performed static code analysis to determine if the app ceases its fraudulent activity when the phone is rooted or when it’s being monitored via emulation or remote monitoring software.

VivaVideo v8.4.2 has a code which checks for the existence of emulation frameworks.

During our tests, we detected that the VivaVideo app transferred a list of installed monitoring apps to the following endpoint: https://xy-flkf-medi.kakalili.com/api/rest/s/recordapplist

Our findings confirmed that the app contains code snippets which check for monitoring software installed on the user’s device.

VivaVideo stopped running all the suspicious background activity when the monitoring app was installed.

Fraudsters are continuously improving their tradecraft. Such code snippets are a common method fraudsters use to remain undetected when it comes to mobile ad fraud.

VivaVideo contains a known ad fraud SDK, banned by Google

In 2018, Google conducted a major investigation into 3 malicious ad network SDKs (software development kits) and banned them from Google Play, along with the developers using them. One of the problematic SDKs was Batmobi.

Batmobi exploits user permissions to engage in click injection and click flooding — two popular ad fraud techniques, causing major advertising losses.

In particular, Batmobi was found to be recording false clicks and sending them to advertisers to claim a bounty for an app install.

Our security team found that Batmobi SDK was present in earlier versions of the VivaVideo app, that are no longer available on Google Play.

However, our interviews with infected device owners revealed that outdated VivaVideo app versions were frequently distributed via ShareIt, a popular transfer and sharing app. That is how the malicious SDK kept circulating among mobile users.

Android permission abuse

VivaVideo requires unnecessary user permissions

To use the app, users are requested to authorize access to an array of sensitive information such as GPS location, currently running apps, and more:

Such permission requests are hardly necessary for a video editing application to run properly. Τypically, this type of app likely needs them to run hidden activity that is not related to the app’s core function.

Consequences on the Users

Unless prevented by Secure-D platform, VivaVideo could have continued feeding on unsuspecting customers’ prepaid airtime, mobile data and ultimately money.

During the monitored period, Secure-D blocked over 20 million suspicious mobile transaction requests, originating from over 1 million infected devices across 19 countries, with VivaVideo installed.

If not blocked by Secure-D, every transaction attempt could have triggered premium services purchase, costing users in 19 countries over $27 million in unwanted charges.

The actual fraud figure may be even higher as this estimate is based on Secure-D analysis and deployments on a small sample of total Internet traffic.

Cure

If you have VivaVideo installed on your device, head to the Google Play store and update it to the latest version. 

To avoid getting played by predatory apps, Android users should always install apps from Google Play only and avoid any unverified marketplaces or direct links.

However, mobile apps coming from legitimate sources can be compromised too. Before installing anything new on your device, be sure to:

  • Check the app reviews on the marketplace and around the web.
  • Review developer details and assess their credibility.
  • Read the list of requested permissions and verify that all of them are actually needed for the app to work.

Source: techgh24
Tags: Google play storeSecure-DVivaVideo App
No Result
View All Result

Highlights

Europe’s Energy Future Hinges on Global Powers

US Companies Cut Investments in China to Record Lows, Here’s Why

How AI is Rewriting and Enhancing Water Risk Management

SheFarms Broiler Edition Kicks Off in Greater Accra

PharmAccess Ghana, Healthcare Federation of Ghana sign SafeCare License Agreement; to use Newest ISQua-Certified Version 5

Tanzania Sink Burkina Faso to Delight Home Crowd In TotalEnergies CHAN 2024 Opener

Trending

Features

MTN Nigeria Now the Most Capitalized Stock in Nigeria

August 3, 2025

MTN Nigeria Now the Most Capitalized Stock in Nigeria MTN Nigeria has surged to become the most...

Nigerian Stock Market Creates Largest Pool of Billion-Dollar Stocks in 2025

August 3, 2025

OPEC+ Nears Decision Point on Next Oil Output Hike

August 3, 2025

Europe’s Energy Future Hinges on Global Powers

August 3, 2025

US Companies Cut Investments in China to Record Lows, Here’s Why

August 3, 2025

Who we are?

NORVANREPORTS.COM |  Business News, Insurance, Taxation, Oil & Gas, Maritime News, Ghana, Africa, World

NorvanReports is a unique data, business, and financial portal aimed at providing accurate, impartial reporting of business news on Ghana, Africa, and around the world from a truly independent reporting and analysis point of view.

© 2020 Norvanreports – credible news platform.
L: Hse #4 3rd Okle Link, Baatsonaa – Accra-Ghana T:+233-(0)26 451 1013 E: news@norvanreports.com info@norvanreports.com
All rights reserved we display professionalism at all stages of publications

No Result
View All Result
  • Home
  • Business
    • Agribusiness
    • Aviation
    • Energy
    • Insurance
    • Manufacturing
    • Real Estate
    • Maritime
    • Tourism
    • Transport
    • Banking & Finance
    • Trade
    • Markets
  • Economy
  • Reports
  • Technology
    • Cryptocurrency
    • Cyber-security
    • Social Media
    • Tech-guide
    • Telecom
  • Features
    • Interviews
    • Opinions
  • Lifestyle
    • Entertainment
    • Sports
    • Travel
    • Environment
    • Weather
  • NRTV
    • Audio
    • Video

Welcome Back!

Login to your account below

Forgotten Password?

Create New Account!

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
NORVANREPORTS.COM | Business News, Insurance, Taxation, Oil & Gas, Maritime News, Ghana, Africa, World
This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.