Light Dark
November 4, 2019 By David Bisson 2 min read

A popular Android emoji keyboard is threatening the 40 million users who downloaded the app from the Google Play store with unauthorized purchases of premium digital content.

Upstream detected and blocked more than 14 million suspicious transactions from 110,000 devices that had downloaded the ai.type Android emoji keyboard. Those transaction requests occurred across 13 countries, though they were particularly prevalent in Egypt and Brazil. Had Upstream not blocked them, the requests would have triggered the purchase of premium digital content that could have cost users a combined total of $18 million.

Developed by Israeli firm ai.type LTD, the keyboard disappeared from the Google Play store back in June 2019. However, the app could still be affecting some, if not all, of the 40 million devices that at one point used Google Play to download it. Additionally, the app remains available for download on other Android marketplaces, thereby potentially exposing even more users.

Understanding ai.type in Context

The ai.type keyboard isn’t the only Android keyboard that’s preyed upon users who’ve downloaded it. Back in September 2017, AdGuard observed the popular GO Keyboard secretly collecting the data of its more than 200 million users and then sending this information to third-party trackers and ad networks.

Less than a year later, Symantec observed Android emoji keyboard additions and other capabilities hidden in seven apps that used various techniques to conceal themselves on and deliver ads to infected devices. And in June 2019, Lookout discovered BeiTaAd, adware that came hidden within popular keyboard apps and other Android programs.

Defending Against Malicious Android Emoji Keyboards

Security professionals can help their organizations defend against malicious Android emoji keyboards like ai.type by deploying a unified endpoint management (UEM) solution that uses artificial intelligence to spot anomalous and potentially malicious behavior on all assets, including mobile devices.

Companies should also keep devices current with the latest updates and use security awareness training to educate users about the dangers of downloading apps from unofficial marketplaces.

 |  |  |  |  |  |  |  |  |  |  | 
David Bisson
Contributing Editor

More from

May 14, 2024

Threat intelligence to protect vulnerable communities

2 min read - Key members of civil society—including journalists, political activists and human rights advocates—have long been in the cyber crosshairs of well-resourced nation-state threat actors but have scarce resources to protect themselves from cyber threats. On May 14, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) released a High-Risk Communities Protection (HRCP) report developed through the Joint Cyber Defense Collaborative that addresses the threat to these vulnerable groups, with findings contributed by the X-Force Threat Intelligence team.Cyber criminals seek stolen credentialsThe HRCP…

May 14, 2024

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

May 14, 2024

3 recommendations for adopting generative AI for cyber defense

3 min read - In the past eighteen months, generative AI (gen AI) has gone from being the source of jaw-dropping demos to a top strategic priority in nearly every industry. A majority of CEOs report feeling under pressure to invest in gen AI. Product teams are now scrambling to build gen AI into their solutions and services. The EU and US are beginning to put new regulatory frameworks in place to manage AI risks.Amid all this commotion, hackers and other cybercriminals are hardly…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature