ecurity researchers say the app is secretly displaying invisible ads and subscribes users to paid services, racking up charges without the user’s knowledge or their permission collectively costing millions of dollars.

“It all happens in the background… nothing appears on the screen,”

The researchers say the app contains suspicious third-party code that allowed the app to automate clicks and make fraudulent purchases. They said the component, built by Hong Kong-based Elephant Data, downloads code which is “directly responsible” for generating the automated clicks without the user’s knowledge.

Read full article here