Video editing app VivaVideo allegedly made over 20m fraudulent transaction attempts

Popular video editing app VivaVideo is allegedly being used as part of a mobile ad fraud scheme that has attempted more than 20m suspicious transactions.

The Android version of the app, which has more than 100m downloads, has allegedly been attempting to initiate subscription charges while serving hidden ads to users in order to generate fake clicks, Upstream’s Secure-D has discovered. Successful attempts would have seen the advertiser pay commission to an affiliate, who would have then paid the bad actor responsible for the fraud. Secure-D’s block of the transactions may have saved users over $27m.

“As video sharing becomes increasingly popular in apps like TikTok and Instagram, more users are looking for ways to edit their content. However, bad actors are also scaling up their activity and technology, and they are wreaking havoc in apps like VivaVideo,” said Geoffrey Cleaves, Head of Secure-D at Upstream.

More than 1m devices have been infected across 19 countries, including the UK, Indonesia, Egypt, Thailand, and Russia. The worst-hit country is Brazil, where over 11.5m fraudulent transactions were attempted. Without their knowledge, these could have cost Brazilians $10.3m in subscriptions they did not intend to purchase.

Upstream also found that the app contains code which checks for monitoring software on a device. When this software is installed, the app was found to stop all suspicious background activity in order to cover up its apparently fraudulent behaviour.

Older versions of the VivaVideo app are known to contain an SDK from Batmobi which is banned by Google. Despite the ban, the SDK can still be shared between users with older versions of Android on their handsets.

As such, the advice from Upstream is to update to the latest version of the VivaVideo app.