A keyboard app that has been downloaded more than 40 million times has rung up millions of dollars in fraudulent charges by secretly making premium purchases on a targeted device.

The mobile security firm Upstream reported the keyboard app a.type had resided in the Google Play app store until its removal in June 2019, but it can still found in third-party Android stores and remains in use by many people unaware of its malicious nature. The company noted and blocked some 14 million transactions took place from about 110,000 devices that have the keyboard, with most of the victims in Egypt and Brazil.

If all the charges had gone through, it would have cost the device owners about $18 million.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.