Malicious code embedded in the Chinese mobile ad platform Mintegral SDK, used by 1,200-plus iOS apps downloaded more than 300 million times monthly, is siphoning off advertising dollars.

The Mintegral SDK platform is intended to give app developers and advertisers an opportunity to monetize their ad-based marketing. But researchers from Snyk found evidence that other ad platforms the apps legitimately are using might intercept the clicks of SDK users (i.e., ad revenue) and could spy on any URL-based request made from within the application. The recently discovered ad fraud and data leak appears to have run rampant in the AppStore since July 2019, according to a Snyk blog post.

“The primary goal of the malicious code that Snyk uncovered in this SDK appears to be hijacking user clicks on ads within the app,” wrote researcher Alyssa Miller wrote in the post.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.