Tuesday, January 14, 2025
HomeAdwareChinese Video App VidMate Stealing Personal Data, Drain Battery, Fake Ad Click...

Chinese Video App VidMate Stealing Personal Data, Drain Battery, Fake Ad Click to Generate Revenue From 500 Million Android Users

Published on

Most popular video app VidMate caught up for various malicious activities in their customers Android mobiles including drain users battery, collecting personal information, Create fake ad click-through invisible ads to generate revenue from 500 million users who have installed VidMate.

Vidmate is one of the world most popular Android Video app for download and streaming videos from popular services, including Dailymotion, Vimeo, and YouTube.

Chinese company Alibaba owns Vidmate currently not available in the Google Play store, but they are distributing through third-party store including CNET or Uptodown.

A recent research report from Upstream reveals that “VidMate subjects its users to a range of suspicious behavior that could be costing them money, draining their phone batteries, and exposing their personal information.”

VidMate is mainly displaying hidden ads in users Android mobile and generating fake clicks, perform suspicious behavior that leads to cost money, extremely draining batteries.

It also performs other malicious activities like installs other suspicious apps without consent and collects personal users’ information using hidden software within the app.

130 Million Suspicious Transaction Attempts

There is 130 Million suspicious Transaction attempt by VidMate was flagged and terminated by Upstream’s security platform, Secure-D.

These attempts were initiated from 5 Million unique devices from 15 countries, and the blocked traction would cost nearly $170 if those malicious transactions weren’t terminated.

Guy Krief, the CEO of Upstream, said to buzzfeednews, “users who download and open VidMate “surrender control of their phone and personal information to a third party.”

According to Upstream, “Most of the suspicious activity, which is still ongoing, was largely centered in 15 countries. 43 million of the suspicious transactions flagged by Secure-D are coming from devices in Egypt, 27 million from Myanmar, 21 million from Brazil, 10 million from Qatar, and 8 million from South Africa. Among the top affected markets are also Ethiopia, Nigeria, Malaysia and Kuwait.”

Based on the lab test result, VidMate consumes battery life and bandwidth, eating up more than 3GB of data per month, and it leads users to pay up to $100 for mobile data.

“VidMate also collect personal information without notifying the user. This data, which included a unique number associated with a person’s phone and their IP address, was sent to servers in Singapore belonging to Nonolive, a streaming platform for gamers that is funded by Alibaba.”

Similarly, Google Banned An App Developer whose Apps Installed 500 Million Times Followed the Previous Massive Ad Fraud Campaign.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Google’s “Sign in with Google” Flaw Exposes Millions of Users’ Details

A critical flaw in Google's "Sign in with Google" authentication system has left millions...

Hackers Attacking Internet Connected Fortinet Firewalls Using Zero-Day Vulnerability

A widespread campaign targeting Fortinet FortiGate firewall devices with exposed management interfaces on the...

Critical macOS Vulnerability Lets Hackers to Bypass Apple’s System Integrity Protection

Microsoft Threat Intelligence has uncovered a critical macOS vulnerability that allowed attackers to bypass...

CISA Released A Free Guide to Enhance OT Product Security

To address rising cyber threats targeting critical infrastructure, the U.S. Cybersecurity and Infrastructure Security...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

New FireScam Android Malware Abusing Firebase Services To Evade Detection

FireScam is multi-stage malware disguised as a fake “Telegram Premium” app that steals data...

Android Security Updates: Patch for Critical RCE Vulnerabilities

The January 2025 Android Security Bulletin has issued important updates regarding critical vulnerabilities that...

Stealthy Steganography Backdoor Attacks Target Android Apps

BARWM, a novel backdoor attack approach for real-world deep learning (DL) models deployed on...