Popular iOS SDK Caught Spying on Billions of Users and Committing Ad Fraud:
A popular iOS software development kit (SDK) used by over 1,200 apps—with a total of more than a billion mobile users—is said to contain malicious code with the goal of perpetrating mobile ad-click fraud and capturing sensitive information.
According to a report published by cybersecurity firm Snyk, Mintegral — a mobile programmatic advertising platform owned by Chinese mobile ad tech company Mobvista — includes an SDK component that allows it to collect URLs, device identifiers, IP Address, operating system version, and other user sensitive data from compromised apps to a remote logging server.
The malicious iOS SDK has been named "SourMint" by Snyk researchers.
"The malicious code can spy on user activity by logging URL-based requests made through the app," Snyk's Alyssa Miller said in a Monday analysis. "This activity is logged to a third-party server and could potentially include personally identifiable information (PII) and other sensitive information."
"Furthermore, the SDK fraudulently reports user clicks on ads, stealing potential revenue from competing ad networks and, in some cases, the developer/publisher of the application," Miller added.
Although the names of the compromised apps using the SDK have not been disclosed, the code was uncovered in the iOS version of the Mintegral SDK (6.3.5.0), with the first version of the malicious SDK dating back to July 17, 2019 (5.5.1). The Android version of the SDK, however, doesn't appear to be affected.
(Score: 3, Insightful) by Freeman on Tuesday August 25 2020, @04:30PM (7 children)
Hey, that's not limited to China! Just look at the super secure Microsoft, Windows OS. Sure, China is in the news a lot, because they don't care too much about being caught. So long as it was a scheme that was able to rake in massive piles of money. They'll just retool and go at it again. With zero repercussions, other than the lack of revenue from the previous shady dealing. That could just be chocked up to the cost of doing business on their part, though.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 1) by fustakrakich on Tuesday August 25 2020, @05:05PM (1 child)
When did Trump take over China?!
La politica e i criminali sono la stessa cosa..
(Score: 0) by Anonymous Coward on Tuesday August 25 2020, @11:34PM
He didn't, he's just stepping down from the high ground and following suit playing the game at the enhanced level as his competitors, meanwhile half of America is still standing on the proverbial high ground chastising him blaming the player instead of the game.
(Score: 5, Insightful) by Thexalon on Tuesday August 25 2020, @05:57PM (1 child)
Yes, but if we talk about the Chinese spying on you instead of the US and US-based corporations, then we can get you focused on the scary foreigners and help you forget about your home-grown oppression.
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: 0) by Anonymous Coward on Tuesday August 25 2020, @06:07PM
Thank you for your defense of whataboutism. $0.50 has been deposited into your account.
(Score: 2) by barbara hudson on Saturday August 29 2020, @03:47AM (2 children)
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
(Score: 2) by Freeman on Monday August 31 2020, @03:07PM (1 child)
I wouldn't say "Look no further", but I would say, you don't have to look any further than that to find spyware. That's just the obvious, low hanging fruit.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 2) by barbara hudson on Monday August 31 2020, @06:26PM
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.