We've all been advised not to download third-party apps from an App Store since most of them are malware-ridden but how many of us actually follow it? Malware creators are getting increasingly resourceful with their ways and if you're among the millions of users who have downloaded the ai.type app (available on both Apple's App Store as well as Google's Play Store), there's some bad news for you: you've just dropped some pretty unpleasant malware on your device that will take you on a spending spree, without your consent.
The notorious app secretly signs you up for purchases of premium digital content without their knowledge. The ai.type app is a customizable third-party keyboard app that has been downloaded by more than 40 million users and led to millions of unauthorized transactions billed to the users of the app.
The developer of the app is based in Israel and describes the app as a "Free Emoji Keyboard." Although it has already been removed from the Play Store, it is still active on millions of Android devices and is still available on marketplaces.
The security breach was brought to light by Secure-D, a mobile security platform by leading technology company Upstream, in a report published recently. The app started driving fake clicks on advertisements to generate cash for the malware's creators and had the power to pull up landing pages in the background of the device and automatically click its way through to a successful subscription for a service, without the user ever finding out.
However, the app mostly targeted users from Egypt and Brazil, where it has the freedom to add a subscription to a user's pre-paid mobile airtime minutes, a form of mobile currency that's becoming increasingly popular in some countries, allowing users to exchange it for cash or goods and services.
Nevertheless, if you have the ai.type app, which masks itself as a helpful "personalized keyboard," installed on your device, make sure you uninstall it from your phone immediately and keep your eyes peeled for any fraudulent activity, according to Secure-D.