A weather forecasting app from Chinese company TCL Communications has once again been caught making digital purchases of premium services without the knowledge of the phone’s owner. It is the second time the app has been exposed for this activity.
First caught in January 2019 by mobile technology company Upstream to be triggering false premium transactions and, at the time, secretly harvesting consumer data, the app – called Weather Forecast: World Weather Accurate Radar – is preinstalled on specific Alcatel phones and also available on Google Play Store. Following the revelation by Upstream the app immediately ceased its background activity and was withdrawn from the Play Store.
However, after an idle two-month period and despite the earlier exposure, Upstream says its Secure-D mobile security platform combating advertising fraud detected and blocked some 34 million fresh suspicious transaction attempts from Weather Forecast. The version of the weather app preinstalled on Alcatel Pixi4 devices attempted to subscribe nearly 700,000 mobile consumers to premium digital services without their knowledge in just six months.
Upstream is advising Pixi4 Alcatel device owners to check their phones for unusual behavior. Users should regularly check their phones and remove any reported malware. They should also check their bills for unwanted or unexpected charges for accessing premium data services and to look out for signs of increased data usage which could indicate a malicious app is consuming data in the background. To help check for malicious mobile apps, Upstream has launched the Secure-D Index, a free-to-use malware detection center that lists suspicious mobile apps that the company has blocked around the world.
Secure-D is Upstream’s specialist solution used by operators to process mobile transactions and detect and block advertising fraud. Last year, the Secure-D platform processed more than 1.8 billion transactions and found 30 million consumer devices affected by some 63,000 malicious apps.