Malicious code embedded in the Chinese mobile ad platform Mintegral SDK, used by 1,200-plus iOS apps downloaded more than 300 million times monthly, is siphoning off advertising dollars.

The Mintegral SDK platform is intended to give app developers and advertisers an opportunity to monetize their ad-based marketing. But researchers from Snyk found evidence that other ad platforms the apps legitimately are using might intercept the clicks of SDK users (i.e., ad revenue) and could spy on any URL-based request made from within the application. The recently discovered ad fraud and data leak appears to have run rampant in the AppStore since July 2019, according to a Snyk blog post.

“The primary goal of the malicious code that Snyk uncovered in this SDK appears to be hijacking user clicks on ads within the app,” wrote researcher Alyssa Miller wrote in the post.

Once injected, SDK modifies its behavior, thus managing to escape Apple’s app review process.