Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Chinese Ad Firm Is Using Malware to Get More Clicks (vice.com)

Posted by msmash on from the speeds-and-feeds dept.

An anonymous reader shares a Motherboard report: Advertising agencies go to great lengths to spread their clients' messages. Now, researchers have uncovered a new approach: malware. This month, cybersecurity company Check Point reports that a Chinese group called Yingmob has distributed mobile device malware on a massive scale, apparently alongside a legitimate advertising analytics business. Listed as based in Beijing's Chaoyang District, Yingmob, a subsidiary of MIG Unmobi Technology Inc., markets itself like any other advertising firm. Its professional-looking website claims its easy-to-deploy ads support text, pictures, and video, and don't affect the user experience. It offers pop-up, sidebar, and in-app adverts. But Check Point's report claims that part of the company -- the "Development Team for Overseas Platform," which employs a staff of 25 people -- is responsible for malware it has dubbed HummingBad. This malware allows the injection of adverts into victims' devices. Whenever someone clicks on one of these adverts, Yingmob gets paid, just like a typical advertising campaign. The first infection method Check Point came across was a "drive-by-download," whereby Yingmob's malware targets a victim when they visit a malicious website, then proceeds to download malicious apps onto their device. In its analysis, Check Point writes that nearly 10 million people are using malicious Android apps made by Yingmob.

26 comments

  1. Stop using Android by Anonymous Coward · · Score: 0

    If you don't want Android vulnerabilities, stop using Android. Google uses GMS licensing to prevent competition but not to ensure timely updates get delivered to users. Do no evil, my ass. The only solution is, as I said, to stop using Android.

  2. So? by Anonymous Coward · · Score: 0

    The ad business is a train wreck. I wouldn't say Google or Facebook are any better. They steal all your private data. Either you want ads and you live with this kind of crap, or you don't, and make online ads illegal.

    1. Re:So? by Anonymous Coward · · Score: 0

      > They steal all your private data

      Collect. Steal implies you own an exchange of services, which you don't. Maybe they don't either, but that's why both parties can collect and use it. You're just bitter you can't monetize it yet.

  3. Time to spread the following by Gojira+Shipi-Taro · · Score: 2

    "Yingmob uses this platform to promote Tibetan Independence."

    The matter should sort itself out rather quickly.

    --
    "Oh my God. This is terrible. This is the end of my Presidency. I'm fucked."; ~ Donald J. Trump
    1. Re:Time to spread the following by Rick+Zeman · · Score: 1

      "Yingmob uses this platform to promote Tibetan Independence."

      The matter should sort itself out rather quickly.

      ...care of the Chinese Secret police.

  4. New low by dr.Flake · · Score: 1

    I think we can conclude the business model of advertising paying for content is currently failing.
    Users are overwhelmed with advertising, but spend only so much. Solution: more advertising.

    So now it seems like 90% of the bits is download to read some information, is not the information itself, but adverts and tracking shit. What's next year, 98%, 99.9%?
    At what point will this model fail. Or, already has, as apparently malware is needed to boost the income.

    Adblockers will be seen as the solution to evade this malware, more decline, more adverts, repeat ad nauseam, till it crashes. I can hear the front of the bus crushable wrinkle already. Listen carefully, you can hear it too.........

    --
    Why are other peoples sig's always more witty ???
    1. Re:New low by Anonymous Coward · · Score: 0

      The issue is, there is a wall that the ad bubble is going to smack hard against:

      1: If I visit "IFL Science"'s web page on iOS, they have popover ads that shunt people to a "free iPhone" site, demanding all kinds of personal info, asking questions like "anyone in your house fat or incontinent", then demanding people complete 3-4 "offers" like agreeing to multi-year subscriptions and other shit. The EULA agreeing to business contact, regardless of the Do Not Call policies is laughable, it reminds me of a drug dealer forcing customers to sign a paper that they are not narcs. Result is that I either use an ad blocker, or just don't bother with clickbait shit.

      2: We are already having sites demand registrations before showing content. Quora comes to mind, as well as Pinterest.

      3: Sites are already demanding their own apps, so they can shut users to ad provider sites at random without warning (FB is the main culprit... click on a lot of links, and there is a good chance you will be looking at a site asking you for personal info.)

      4: Malvertising is on par with Trojans as a primary, if not the primary source of infections on the Internet.

      5: Things like the DMCA, CFAA, and such are being brought out to defend ads, and are not exactly successful.

      6: Social media isn't used as much as it once was. Turning someone into a cat or fish using Snapchat lenses is getting old.

      7: TV as a medium is for older people, because most don't want to sit through 15 minutes of shit in order to watch 5-10 minutes of content. Plus, one can find better entertainment elsewhere.

      8: It used to be that ad companies were viewed as neutral; a necessary evil. Now with malware bundled, extremely intrusive ads, and having to block stuff as a matter of security, they are viewed not as a necessary evil, but a pure evil, out to try to slurp as much info as possible. If the FBI did as much crap with browser fingerprinting, permanent cookies, and so on, there would be uproars on Capital Hill... but done in the private sector, with that info sold to anyone who wants it, nobody even bothers saying a single thing.

      9: It is only getting worse, be it transparent ads which grab the screen while scrolling, stuff that intercepts your keystrokes on a site, things that pretend to be applications (scareware), and Much More (tm).

      Can't go much further to piss people off. Even the millennials who click on anything related to iPhones and beard oil are not interested in that crap anymore.

  5. Here is my shocked face... by Anonymous Coward · · Score: 0

    :|

  6. Isn't all advertising malware by Anonymous Coward · · Score: 3, Insightful

    crap that takes system resources without permission, sounds like malware AND advertising to me

    1. Re:Isn't all advertising malware by _Sharp'r_ · · Score: 1

      So, according to this article, using advertising with Malware is a new approach?

      Have they never heard the term, adware? What do they think adware does?

      --
      The party of stupid and the party of evil get together and do something both stupid and evil, then call it bipartisan.
  7. Heh by Anonymous Coward · · Score: 0

    News on 11:

    Ad publishers collude with "traffic vendors"

    80 percents of traffic on mopub and admob comes from Russia clickfarms

  8. heh by fubarrr · · Score: 0

    News on 11: Ad publishers collude with "traffic vendors" 80 percents of traffic on mopub and admob comes from Russia clickfarms

  9. Whenever someone clicks on one of these adverts by Anonymous Coward · · Score: 1

    Meaning that there really *are* people that actually click on adverts?
    They deserve what they get, then

    1. Re:Whenever someone clicks on one of these adverts by Anonymous Coward · · Score: 0

      Who are those people, anyway?

      Because I've been on the net since before it had advertising *at all*, and also before it had spam. I've never clicked on an ad in all of that time. I don't know anyone who clicks on them, either. I've never encountered someone like that in my whole life.

      So who is doing that? Who are those people, and what on earth are they thinking?

    2. Re:Whenever someone clicks on one of these adverts by Anonymous Coward · · Score: 0

      On mobile, it's petty fucking easy to accidentally click an ad. I've often had sites that lag significantly, and by the time it processes my click, an ad has popped up just in that spot. I've had fat fingers and click just a little too far over by mistake.

      And I find it hard to believe that you've been on the net since the late '80s / early '90s and in all that time have NEVER clicked an ad.

    3. Re:Whenever someone clicks on one of these adverts by Anonymous Coward · · Score: 0

      Interesting point about mobile. That's outside my experience, since I don't load ads on mobile devices (or my desktop for that matter), but I certainly believe you.

      '83 to be exact (long before the web existed), and why is it so hard to believe? For quite a long time it's been easy to not click on ads because I block them. I have a zero tolerance policy towards using my computer without my permission, and ads do not have said permission. There have probably been very few ads loaded at all, and I'm pretty damn sure I have clicked on exactly zero of the ones that ever made it through. Most of those were in the very early days of web banner ads, when they were brand new and unexpected.

      In broader life outside the internet, me seeing an ad for product X makes product X go onto my personal shit-list of things to never, ever buy. Since I try to avoid ads in general, that doesn't happen too often, but it has. There are plenty of brands I will never buy because they went out of their way to thrust their advertising in front of my eyeballs or ears.

  10. Oh noes by JustAnotherOldGuy · · Score: 1

    "A Chinese Ad Firm Is Using Malware to Get More Clicks"

    An ad company breaking the rules and using malware to increase profits? Lol, say it isn't so!

    And they wonder why we use ad blockers....

    --
    Just cruising through this digital world at 33 1/3 rpm...
  11. Re: Please port malware to Linux by youngone · · Score: 1

    Umm, Linux IS malware by most defintions...etc

    Which humourless idiot modded this -1. It's funny as hell.

  12. Chinese cheat by mi · · Score: 2

    Chinese cheat. Period. Ex-Soviets and formerly-Cubans do too. No, this is not "racism" — the trait is not genetic, it is cultural. When you are dealing with the abusive State for most of the things, cheating is the only way to have a reasonably comfortable life. It is not considered wrong or dishonest — everybody does it.

    Western world weren't cheating quite so much not because they are racially superior somehow, but simply because they don't interact with the State as much as victims of Socialism/Communism are forced to.

    It is coming to America as well — and not just with the immigrants, but with the "natives" too, because the State (comparably abusive in all countries) is increasingly in charge of various aspects of our lives. From tax-evaders, to highway speeders swearing they "didn't do it", to "workman's compensation" false claims, to Medicare fraud — cheating the government and the fugly bureaucrats who represent it is Ok.

    And then you forget to stop and cheat even the business partners... Consider it PTSD — with Socialism being the trauma.

    --
    In Soviet Washington the swamp drains you.
    1. Re:Chinese cheat by jandersen · · Score: 1

      Chinese cheat. Period. Ex-Soviets and formerly-Cubans do too. No, this is not "racism" â" the trait is not genetic, it is cultural. When you are dealing with the abusive State for most of the things, cheating is the only way to have a reasonably comfortable life. It is not considered wrong or dishonest â" everybody does it.

      Western world weren't cheating quite so much not because they are racially superior somehow, but simply because they don't interact with the State as much as victims of Socialism/Communism are forced to.

      You've got yourself some "interesting" theories there. But first about "racism": the term was never used in a stricly genetic sense; not only is skin colour a very superficial criterium with very little genetic background, but right from the beginning, the term "race" was used to label "them" as different from "us" - hence the British Race, the Spanish Race, the Jewish Race etc. Its influence even showed up in terms like "breeds" - working class people of the so-called "British Race" were a different breed from aristocrats, obviously. In modern times, racism has come to signify any unfair discrimination based on superficial differences - hence it is reasonable to talk about racism in the loose sense, in this case. The fact that you defend youself against being called a racist shows that you are aware of this. People are not somehow worse morally or of lower intelligence or whatever, simply because they are from a different cultural or political background; it might even be that you are the one lacking something - a sensible person would always take that into consideration.

      As for what is the reason why there appears to be more companies from Russia or China that engage in dubious practices, it may be worth looking back at the history of America or UK. The Wild West was lousy with quacks and other fraudsters, until the dreaded state stepped in and forced some rules on them. You will find the same pattern in UK and the rest of Europe as well: the unregulated, free market encourages cheating, fraud and ruthless exploitation, and the state is force to step in to regulate things to the benefit of the common people. What has happened in both China and Russia is the same thing: the state loosened its control, and fraudsters popped up in great numbers; now the state needs to go and exert some form of control again. So, even if you think Communism is a bad thing in itself, its failings have less to do with the state control and more to do with poor administration and inability to build trust between individuals and the state; not so different from the way it is in the US.

    2. Re:Chinese cheat by Anonymous Coward · · Score: 0

      Trust it to a Libertarian - people who define themselves based on their desire to cheat, due to lionizing 'self-interest' above all else - to blame 'the state' for people cheating, rather than the people 'following their self-interest' for cheating, as if it's meant to be some profound piece of wisdom.

      I've said it before in recent discussions, Slashdot is being used as a blatant outlet for Libertarian propaganda lately - and you regularly see this kind of Libertarian soapboxing get upvoted quite regularly here, and opposing views downvoted (no 'cheating' there...).

    3. Re:Chinese cheat by mi · · Score: 1

      But first about "racism": the term was never used in a stricly genetic sense

      Ah, once again, Illiberal "Progressives" redefine terms to suit their agenda...

      hence the British Race, the Spanish Race, the Jewish Race

      Sorry, would not fly. The dictionary says (emphasis mine):

      race: people who are believed to belong to the same genetic stock;

      The fact that you defend youself against being called a racist shows that you are aware of this

      I am aware of folks like yourself, who would — incorrectly — claim "racism", where there is not any.

      worth looking back at the history of America or UK. The Wild West was lousy with quacks and other fraudsters

      Citations?

      until the dreaded state stepped in and forced some rules on them

      I'm yet to see evidence, the state's rules are helping.

      the unregulated, free market encourages cheating, fraud and ruthless exploitation

      You promise, I'll find evidence of this, but you aren't offering any such evidence yourself. The burden of proof is on you — put up or shut up.

      even if you think Communism is a bad thing in itself, its failings have less to do with the state control and more to do with poor administration and inability to build trust between individuals and the state

      Despite several attempts — by people of various racial, cultural, and religious backgrounds, Communism has failed spectacularly. Despite killing over 90 million people in 20th century and left the destitute survivors with neither human rights nor material wealth. It really is a "bad thing in itself", whatever spin you may attempt to put on it as you not-so-subtly attempt to justify "trying again".

      --
      In Soviet Washington the swamp drains you.
    4. Re:Chinese cheat by MrKaos · · Score: 1

      And then you forget to stop and cheat even the business partners... Consider it PTSD — with Socialism being the trauma.

      All your isms have failed. None of the economic systems that have existed have ever delivered us from corruption that exists, so the structural issues that the world faces so that we can *evolve* are never addressed. That because the established powers beget more power and why would they want the status quo challenged?

      Corruption exists to supplement power.

      --
      My ism, it's full of beliefs.
  13. Best malware & adblocker bar-none by Anonymous Coward · · Score: 0

    APK Hosts File Engine 9.0++ SR-4 32/64-bit http://www.bing.com/search?q=%...

    Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus (slows you) + less security issues/complexity. Compliments firewalls (w/ layered drivers blocking less used IP addys vs. hosts blocking more used domains) & DNS (lightens dns load). Gets data via 10 security sites.

    Ads rob bandwidth/speed, security (malvertising), privacy (tracking) + anonymity.

    Hosts add speed (hardcodes/adblocks), security (bad sites/poisoned dns), reliability (dns down), & anonymity (dns requestlogs/trackers) natively. Hosts != ClarityRay blockable (vs. souled-out to admen inferior wasteful redundant slow usermode addons)

    Works vs. caps & HTTP PUSH ads w/ firewalls.

    Avg. webpage = big as Doom http://www.theregister.co.uk/2... & ads = 40% of the size.

    APK

    P.S. - Safe https://www.virustotal.com/en/... (Verified by Malwarebytes' S. Burn "I've seen the code & it's safe" http://forum.hosts-file.net/vi... )