The 4shared file sharing app, one of the most popular on the Google Play Store, would be employing invisible ads and subscribing its users to paid services without consent.
That's what virtual security researchers at British firm Upstream say.
According to CEO Guy Krief, the activities take place in secret, with nothing displayed on the Android phone screen.
4shared spokesman Irin Len said the company was not aware of fraudulent activity until the study was released.
The program has been replaced by another app, without the suspicious codes, which has been downloaded over 10 million times.
New WannaLocker Malware Reaches Mobile Phones and May Steal Bank Data
4shared accused of including code that generates false clicks and unauthorized user purchases Photo: Helito Beggiora / dnetc
Want to buy a cell phone, TV and other discounted products? Meet the Compare dnetc
Secure D, Upstream's anti-fraud advertising platform, said more than 114 million suspicious mobile transactions made in the app were identified and blocked.
The operations were performed by two million Android devices in 17 countries and can cost users up to $ 150 million, equivalent to about $ 580 million in direct conversion.
According to experts, the app includes dangerous codes created by the Chinese marketing company Elephant Data.
The component is responsible for generating false views and automatic clicks on advertisements and fraudulent purchases.
To hide your steps, the software obfuscates the addresses it accesses using redirect chains, and sets a cookie to identify if the device has already acted.
According to spokeswoman Irin Len, 4shared has partnered with Elephant Data to monetize the service, but the cooperation has now been terminated.
In April, 4shared, which had over 100 million downloads on the Google Play Store, disappeared from the store.
It has been replaced by another app, without the suspicious codes, which has been downloaded over 10 million times.
According to Len, the original application was removed by Google "for no reason" but, as there was suspicion about the third party components, the company made the adjustment and relaunched the program.
The sharing service claims that it no longer has control over the old app, and cannot provide an update to fix the issue.
Via TechCrunch and Secure Lab
How to Remove Virus on an Android Phone