An iOS app SDK called Mintegral was found to contain malicious code that hijacks ad clicks, so that iOS thinks a user clicked on one of Mintegral's ads rather than on an ad belonging to a competitor. This SDK is used by over 1,200 apps representing over 300 million downloads per month.
The malicious code was uncovered in the iOS versions of the SDK from the Chinese mobile ad platform provider Mintegral, dating back to July 2019. It can spy on user activity by logging URL-based requests made through the app. This activity is logged to a third-party server and could potentially include personally identifiable information (PII) and other sensitive information. Furthermore, the SDK fraudulently reports user clicks on ads, stealing potential revenue from competing ad networks and, in some cases, from the developer or publisher of the application.
Check It Out: ‘Mintegral’ iOS App SDK Caught Hijacking Ad Clicks