Fraud application preinstalled on Android devices

Jan. 14, 2019

An unusually high number of transaction attempts encountered by Secure-D in Brazil and Malaysia, coming from the Alcatel Android smartphone models Pixi 4 and A3 Max, led our analysts to investigate further. In doing so, we identified that a pre-installed weather forecast application siphons a lot of data and attempts such transactions. The application package is com.tct.weather and comes from TCL Corporation, a Chinese tech firm known for making the Alcatel and BlackBerry devices. It collects geographic locations, email addresses and IMEIs, transmits them to a server in China, and holds a number of privacy-invasive permissions on the device. The application was also available on the Google Play store, where it had more than 10 million installs. Had it not been blocked, it would have succeeded in subscribing users on Alcatel phones in countries like Brazil, Malaysia and Nigeria to paid services for which they would have been billed more than $1.5 million. This activity occurred in the background and remained undetected by the users, behaving like a typical malicious application.