Report claims a popular iOS SDK is stealing click revenue from other ad networks
The suspicious iOS SDK is used by more than 1,200 apps, with 300 million downloads/month.
In an explosive report published today, developer security firm Snyk claims it found malicious code inside a popular iOS SDK used by more than 1,200 iOS applications, all collectively downloaded more than 300 million times per month.
According to Snyk, this malicious code was hidden inside the iOS SDK of Mintegral, a Chinese-based advertising platform.
Mintegral provides this SDK to Android and iOS app developers for free. Developers use the SDK to embed ads inside their apps with just a few lines of code, in order to cut down development time and costs.
https://www.zdnet.com/article/report-claims-a-popular-ios-sdk-is-stealing-click-revenue-from-other-ad-networks/
#Apple #iOS #SDK #malicious
Forwarded from BlackBox (Security) Archiv
Maltrail
Maltrail is a malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user defined lists, where trail can be anything from domain name (e.g. zvpprsensinaix.com for Banjori malware), URL (e.g. hXXp://109.162.38.120/harsh02.exe for known malicious executable), IP address (e.g. 185.130.5.231 for known attacker) or HTTP User-Agent header value (e.g. sqlmap for automatic SQL injection and database takeover tool). Also, it uses (optional) advanced heuristic mechanisms that can help in discovery of unknown threats (e.g. new malware).
Architecture
Maltrail is based on the Traffic -> Sensor <-> Server <-> Client architecture. Sensor(s) is a standalone component running on the monitoring node (e.g. Linux platform connected passively to the SPAN/mirroring port or transparently inline on a Linux bridge) or at the standalone machine (e.g. Honeypot) where it "monitors" the passing Traffic for blacklisted items/trails (i.e. domain names, URLs and/or IPs). In case of a positive match, it sends the event details to the (central) Server where they are being stored inside the appropriate logging directory (i.e. LOG_DIR described in the Configuration section). If Sensor is being run on the same machine as Server (default configuration), logs are stored directly into the local logging directory. Otherwise, they are being sent via UDP messages to the remote server (i.e. LOG_SERVER described in the Configuration section).
https://github.com/stamparm/maltrail#introduction
ipsum:
https://github.com/stamparm/ipsum
#stamparm #maltrail #ipsum #tool #malicious #detection #blacklist
@cRyPtHoN_INFOSEC_DE
@cRyPtHoN_INFOSEC_EN
@BlackBox_Archiv
@NoGoolag
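The Sensor's matching step from the Architecture paragraph, sketched as an added example that is not part of the forwarded post and is not Maltrail's own code. The trail values are the ones quoted in the post; the record field names, function names and sample records are assumptions made for illustration.

```python
import ipaddress

# Trails are the examples quoted in the post; info strings paraphrase it.
TRAILS = {
    "zvpprsensinaix.com": "Banjori malware (domain)",
    "109.162.38.120/harsh02.exe": "known malicious executable (URL)",
    "185.130.5.231": "known attacker (IP)",
}
UA_TRAILS = {"sqlmap": "automatic SQL injection tool (User-Agent)"}


def host_candidates(host):
    """Host plus its parent domains, so a subdomain of a listed domain matches."""
    host = host.lower().rstrip(".")
    try:
        ipaddress.ip_address(host)
        return [host]                      # IP literal: exact match only
    except ValueError:
        labels = host.split(".")           # stop before the bare TLD
        return [".".join(labels[i:]) for i in range(max(len(labels) - 1, 1))]


def match(obs):
    """Return sorted (trail, info) hits for one parsed traffic record (dict)."""
    hits = set()
    host = obs.get("host", "").lower().rstrip(".")
    keys = [obs.get("src_ip"), obs.get("dst_ip")]
    if host:
        keys += host_candidates(host)
        keys.append(host + obs.get("path", "").split("?")[0])  # URL trail: host/path
    hits.update((k, TRAILS[k]) for k in keys if k in TRAILS)
    ua = obs.get("user_agent", "").lower()
    hits.update((t, info) for t, info in UA_TRAILS.items() if t in ua)
    return sorted(hits)


# Constructed sample records (field names are assumptions, not Maltrail's format).
SAMPLES = [
    {"src_ip": "10.0.0.5", "dst_ip": "10.0.0.53", "host": "cdn.zvpprsensinaix.com."},
    {"src_ip": "10.0.0.7", "dst_ip": "109.162.38.120",
     "host": "109.162.38.120", "path": "/harsh02.exe?id=1"},
    {"src_ip": "185.130.5.231", "dst_ip": "10.0.0.80",
     "host": "intranet.example", "user_agent": "sqlmap/1.0"},
    {"src_ip": "10.0.0.9", "dst_ip": "10.0.0.53", "host": "example.org"},
]


def scan(records):
    """Pair each record index with its hits, skipping clean records."""
    return [(i, match(r)) for i, r in enumerate(records) if match(r)]
```

Domain trails are matched on label boundaries, so a look-alike host that merely contains a listed name as a substring does not raise an event.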