Tuesday, May 28, 2024

Chinese Video App VidMate Stealing Personal Data, Drain Battery, Fake Ad Click to Generate Revenue From 500 Million Android Users

Most popular video app VidMate caught up for various malicious activities in their customers Android mobiles including drain users battery, collecting personal information, Create fake ad click-through invisible ads to generate revenue from 500 million users who have installed VidMate.

Vidmate is one of the world most popular Android Video app for download and streaming videos from popular services, including Dailymotion, Vimeo, and YouTube.

Chinese company Alibaba owns Vidmate currently not available in the Google Play store, but they are distributing through third-party store including CNET or Uptodown.

A recent research report from Upstream reveals that “VidMate subjects its users to a range of suspicious behavior that could be costing them money, draining their phone batteries, and exposing their personal information.”

VidMate is mainly displaying hidden ads in users Android mobile and generating fake clicks, perform suspicious behavior that leads to cost money, extremely draining batteries.

It also performs other malicious activities like installs other suspicious apps without consent and collects personal users’ information using hidden software within the app.

130 Million Suspicious Transaction Attempts

There is 130 Million suspicious Transaction attempt by VidMate was flagged and terminated by Upstream’s security platform, Secure-D.

These attempts were initiated from 5 Million unique devices from 15 countries, and the blocked traction would cost nearly $170 if those malicious transactions weren’t terminated.

Guy Krief, the CEO of Upstream, said to buzzfeednews, “users who download and open VidMate “surrender control of their phone and personal information to a third party.”

According to Upstream, “Most of the suspicious activity, which is still ongoing, was largely centered in 15 countries. 43 million of the suspicious transactions flagged by Secure-D are coming from devices in Egypt, 27 million from Myanmar, 21 million from Brazil, 10 million from Qatar, and 8 million from South Africa. Among the top affected markets are also Ethiopia, Nigeria, Malaysia and Kuwait.”

Based on the lab test result, VidMate consumes battery life and bandwidth, eating up more than 3GB of data per month, and it leads users to pay up to $100 for mobile data.

“VidMate also collect personal information without notifying the user. This data, which included a unique number associated with a person’s phone and their IP address, was sent to servers in Singapore belonging to Nonolive, a streaming platform for gamers that is funded by Alibaba.”

Similarly, Google Banned An App Developer whose Apps Installed 500 Million Times Followed the Previous Massive Ad Fraud Campaign.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Website

Latest articles

Researchers Exploited Nexus Repository Using Directory Traversal Vulnerability

Hackers target and exploit GitHub repositories for a multitude of reasons and illicit purposes.The...

DDNS Service In Fortinet Or QNAP Embedded Devices Exposes Sensitive Data, Researchers Warn

Hackers employ DNS for various purposes like redirecting traffic to enable man-in-the-middle attacks, infecting...

PoC Exploit Released For macOS Privilege Escalation Vulnerability

A new vulnerability has been discovered in macOS Sonoma that is associated with privilege...

CatDDoS Exploiting 80+ Vulnerabilities, Attacking 300+ Targets Daily

Malicious traffic floods targeted systems, servers, or networks in Distributed Denial of Service (DDoS)...

GNOME Remote Desktop Vulnerability Let Attackers Read Login Credentials

GNOME desktop manager was equipped with a new feature which allowed remote users to...

Kesakode: A Remote Hash Lookup Service To Identify Malware Samples

Today marks a significant milestone for Malcat users with the release of version 0.9.6,...

Cisco Firepower Vulnerability Let Attackers Launch SQL Injection Attacks

 A critical vulnerability has been identified in Cisco Firepower Management Center (FMC) Software's web-based...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Live API Attack Simulation

94% of organizations experience security problems in production APIs, and one in five suffers a data breach. As a result, cyber-attacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise.
Key takeaways include:

  • An exploit of OWASP API Top 10 vulnerability
  • A brute force ATO (Account Takeover) attack on API
  • A DDoS attack on an API
  • Positive security model automation to prevent API attacks

Related Articles