Categories: AdwareAndroid

Chinese Video App VidMate Stealing Personal Data, Drain Battery, Fake Ad Click to Generate Revenue From 500 Million Android Users

Most popular video app VidMate caught up for various malicious activities in their customers Android mobiles including drain users battery, collecting personal information, Create fake ad click-through invisible ads to generate revenue from 500 million users who have installed VidMate.

Vidmate is one of the world most popular Android Video app for download and streaming videos from popular services, including Dailymotion, Vimeo, and YouTube.

Chinese company Alibaba owns Vidmate currently not available in the Google Play store, but they are distributing through third-party store including CNET or Uptodown.

A recent research report from Upstream reveals that “VidMate subjects its users to a range of suspicious behavior that could be costing them money, draining their phone batteries, and exposing their personal information.”

VidMate is mainly displaying hidden ads in users Android mobile and generating fake clicks, perform suspicious behavior that leads to cost money, extremely draining batteries.

It also performs other malicious activities like installs other suspicious apps without consent and collects personal users’ information using hidden software within the app.

130 Million Suspicious Transaction Attempts

There is 130 Million suspicious Transaction attempt by VidMate was flagged and terminated by Upstream’s security platform, Secure-D.

These attempts were initiated from 5 Million unique devices from 15 countries, and the blocked traction would cost nearly $170 if those malicious transactions weren’t terminated.

Guy Krief, the CEO of Upstream, said to buzzfeednews, “users who download and open VidMate “surrender control of their phone and personal information to a third party.”

According to Upstream, “Most of the suspicious activity, which is still ongoing, was largely centered in 15 countries. 43 million of the suspicious transactions flagged by Secure-D are coming from devices in Egypt, 27 million from Myanmar, 21 million from Brazil, 10 million from Qatar, and 8 million from South Africa. Among the top affected markets are also Ethiopia, Nigeria, Malaysia and Kuwait.”

Based on the lab test result, VidMate consumes battery life and bandwidth, eating up more than 3GB of data per month, and it leads users to pay up to $100 for mobile data.

“VidMate also collect personal information without notifying the user. This data, which included a unique number associated with a person’s phone and their IP address, was sent to servers in Singapore belonging to Nonolive, a streaming platform for gamers that is funded by Alibaba.”

Similarly, Google Banned An App Developer whose Apps Installed 500 Million Times Followed the Previous Massive Ad Fraud Campaign.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting victims…

1 hour ago

Python NodeStealer: Targeting Facebook Business Accounts to Harvest Login Credentials

The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ advanced…

2 hours ago

XSS Vulnerability in Bing.com Let Attackers Send Crafted Malicious Requests

A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to execute…

4 hours ago

Meta Removed 2 Million Account Linked to Malicious Activities

 Meta has announced the removal of over 2 million accounts connected to malicious activities, including…

8 hours ago

Veritas Enterprise Vault Vulnerabilities Lets Attackers Execute Arbitrary Code Remotely

Critical security vulnerability has been identified in Veritas Enterprise Vault, a widely-used archiving and content…

9 hours ago

7-Zip RCE Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been disclosed in the popular file archiving tool 7-Zip, allowing…

9 hours ago