Upstream’s Secure-D mobile security platform has caught yet another nasty Android app. The app is called "ai.type keyboard" and it features both a "Lite" ad-supported free version, as well as an ad-free "Plus" spin. The app is basically an emoji keyboard, and at the time of writing this, both of its versions are still available on Google’s Play Store. Upstream mentions its removal back in June, but it may have been cleaned and re-added since then. The app is very popular and has been downloaded by over 40 million individuals, as the emoji craze is still in its culmination.
The problem with "ai.type", according to Upstream, is that the app is carrying out suspicious transaction requests. In fact, Secure-D has detected and blocked 14 million transaction attempts from 110,000 unique devices. The primary way through which these transactions manifest is the deliverance of invisible ads that are clicked by the malware. Some of this activity is even spoofed, being disguised as the activity of Soundcloud or other popular apps that may be present on the phone. Apart from the ads, the app's SDK also contains automatic subscription actions that secretly register the user to premium services. This fraudulent activity was recorded in 13 countries but was particularly high in Egypt and Brazil.
While "ai.type" makes money out of this ad-serving process, the users are being charged for the fetching of the ads. This obviously consumes the available mobile data, and also burdens the device’s processor with an additional load, impacting the overall performance of the devices. That said, the activity of the ai.type may not be apparent, but users can easily realize that something weird is going on by noticing the signs of the dropped performance and the quick eating up of their internet data plans.
Whether or not the existing "ai.type" app on the Play Store is fraudulent, we cannot say for sure at this time. However, if you have installed this app before June 2019, it is almost certain that you are hosting adware on your device. That said, you should remove it immediately, and also run a complete system scan by using a mobile security solution from a reputable vendor. Finally, try to avoid installing applications that you don’t absolutely need. Emoji keyboards may be fun and trendy, but they introduce an unneeded potential for fraudulent charges and device performance drops.
Are you using “ai.type”? Can you confirm any of the above? Share the details with us in the comments down below, or on our socials, via Facebook and Twitter.