Friday, May 2, 2025
HomeAdwareChinese Video App VidMate Stealing Personal Data, Drain Battery, Fake Ad Click...

Chinese Video App VidMate Stealing Personal Data, Drain Battery, Fake Ad Click to Generate Revenue From 500 Million Android Users

Published on

SIEM as a Service

Follow Us on Google News

Most popular video app VidMate caught up for various malicious activities in their customers Android mobiles including drain users battery, collecting personal information, Create fake ad click-through invisible ads to generate revenue from 500 million users who have installed VidMate.

Vidmate is one of the world most popular Android Video app for download and streaming videos from popular services, including Dailymotion, Vimeo, and YouTube.

Chinese company Alibaba owns Vidmate currently not available in the Google Play store, but they are distributing through third-party store including CNET or Uptodown.

- Advertisement - Google News

A recent research report from Upstream reveals that “VidMate subjects its users to a range of suspicious behavior that could be costing them money, draining their phone batteries, and exposing their personal information.”

VidMate is mainly displaying hidden ads in users Android mobile and generating fake clicks, perform suspicious behavior that leads to cost money, extremely draining batteries.

It also performs other malicious activities like installs other suspicious apps without consent and collects personal users’ information using hidden software within the app.

130 Million Suspicious Transaction Attempts

There is 130 Million suspicious Transaction attempt by VidMate was flagged and terminated by Upstream’s security platform, Secure-D.

These attempts were initiated from 5 Million unique devices from 15 countries, and the blocked traction would cost nearly $170 if those malicious transactions weren’t terminated.

Guy Krief, the CEO of Upstream, said to buzzfeednews, “users who download and open VidMate “surrender control of their phone and personal information to a third party.”

According to Upstream, “Most of the suspicious activity, which is still ongoing, was largely centered in 15 countries. 43 million of the suspicious transactions flagged by Secure-D are coming from devices in Egypt, 27 million from Myanmar, 21 million from Brazil, 10 million from Qatar, and 8 million from South Africa. Among the top affected markets are also Ethiopia, Nigeria, Malaysia and Kuwait.”

Based on the lab test result, VidMate consumes battery life and bandwidth, eating up more than 3GB of data per month, and it leads users to pay up to $100 for mobile data.

“VidMate also collect personal information without notifying the user. This data, which included a unique number associated with a person’s phone and their IP address, was sent to servers in Singapore belonging to Nonolive, a streaming platform for gamers that is funded by Alibaba.”

Similarly, Google Banned An App Developer whose Apps Installed 500 Million Times Followed the Previous Massive Ad Fraud Campaign.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Managing Shadow IT Risks – CISO’s Practical Toolkit

Managing Shadow IT risks has become a critical challenge for Chief Information Security Officers...

Application Security in 2025 – CISO’s Priority Guide

Application security in 2025 has become a defining concern for every Chief Information Security...

Preparing for Quantum Cybersecurity Risks – CISO Insights

Quantum cybersecurity risks represent a paradigm shift in cybersecurity, demanding immediate attention from Chief...

Securing Digital Transformation – CISO’s Resource Hub

In today’s hyper-connected world, securing digital transformation is a technological upgrade and a fundamental...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

GPUAF: Two Methods to Root Qualcomm-Based Android Phones

Security researchers have exposed critical vulnerabilities in Qualcomm GPU drivers, impacting a vast array...

SpyMax Android Spyware: Full Remote Access to Monitor Any Activity

Threat intelligence experts at Perplexity uncovered an advanced variant of the SpyMax/SpyNote family of...

43% of Top 100 Enterprise Mobile Apps Expose Sensitive Data to Hackers

A comprehensive study by zLabs, the research team at Zimperium, has found that over...