As the Double 11 promotion approaches, you may have noticed that pop-up windows of all kinds are appearing far more often. On what lies behind this, Huorong Security today released a security report exposing a series of corporate traffic hijackings headed by Master Lu. Huorong said that many software manufacturers, including Chengdu Qilu Technology Co., Ltd. and Tianjin Almond Eucalyptus Technology Co., Ltd., are building a large-scale promotion industry chain, using cloud-controlled configuration to remotely enable promotion modules and monetize traffic.

These manufacturers issue configuration instructions from the cloud and dynamically control the promotion behavior of their software. Different companies and products use different promotion methods. Taking Master Lu, a subsidiary of Chengdu Qilu Technology, as an example, its promotion activities include but are not limited to:

Promote "Legendary" web games through browser pop-ups

Silently install third-party software

Tamper with JD.com web links and insert Jingfan promotion parameters to obtain commissions

Pop up a Baidu search box carrying a channel identifier

Implant a browser extension that disguises itself as a normal application

In fact, traffic promotion is ordinarily a common profit model for Internet companies. However, these manufacturers use a variety of anti-analysis techniques such as data encryption, code obfuscation, dynamic loading, and multi-layer redirects to hinder security analysis and reproduction of the behavior, and deliberately conceal behavior that harms the user experience.

Most importantly, they monetize user traffic without fully informing users, or while informing them only in deliberately vague terms. At the same time, they use various means to escape oversight by online public opinion and evade public scrutiny.

The specific analysis process is relatively complicated, so I will not go into details here. Those who are interested can click here to view the details.