by problems 3312 days ago
This isn't really malware in the traditional sense, it doesn't damage users of the app itself or harvest information from them, this is simply ad fraud, it only damages Google and its advertisers.

It seems to me like CheckPoint is fishing for internet points with this title.

3 comments

It's malware in the traditional sense: "Programs that do things you wouldn't expect or authorize them to do that are harmful either to yourself or to others."
I certainly didn't "expect" (nor ever authorize) my browser to maintain open SSL connections to servers in googleplex sending them God knows what.

Does that mean Chrome is malware, too?

We'd probably be a lot further along if we all considered greasy hidden behaviors just as bad as greasy hidden behaviors written by those who don't pay taxes.
If it makes you feel any better, Google hasn't supported SSL for some time.

Open TLS connections on the other hand, well now that's a different story.

Well malware has many categories and one is adware.
If I read the article correctly, it downloads JavaScript code to load ad pages.

It never bypassed the sandbox. I don't think you can call this malware.

I work in the security space, and I would definitely consider this malware. Generally, any software used with a malicious purpose is considered malware. As an example, keyloggers generally aren't exploiting any vulnerability (though malware often uses a vulnerability to install the keylogger in the first place), they're using the standard functionality of the computer as intended, but with malicious intent, and so keyloggers are considered malware. It's not breaking out of the sandbox, but it turns out the sandbox is a pretty big place with a lot of room to do what it wants, so why bother trying to break out?
Yeah, technically I can see it as malware, but not really in the same way... keyloggers obviously harm the user in collecting data against them, there's no malicious intent against the user here. This is only a minor increase over the already quite nasty but common mobile advertising practices.

In fact, I'd argue the information harvesting most mobile ad networks do is much more harmful than this click fraud. Do we ban all of those as malware too? Most of them don't mention that they send things like unique device identifiers, connected wifi networks or Google account information.

This is not so much a matter of debate as of reading up.

https://en.wikipedia.org/wiki/Malware

> Some malware is used to generate money by click fraud, making it appear that the computer user has clicked an advertising link on a site, generating a payment from the advertiser. It was estimated in 2012 that about 60 to 70% of all active malware used some kind of click fraud, and 22% of all ad-clicks were fraudulent

If you want to coin a new term feel free, but malware means what it means and refers to malicious, not "more malicious than", not "malicious against the user" etc.

Does this encompass malware that sends unique device identifiers to 3rd parties? Google account names? Or are those extremely common practices not considered malicious at all? In my opinion those are much more malicious actions. The only way to compare malicious with malicious is indeed relative. If one arguably malicious action is prohibited but another is not, you have to question the motivations. "More malicious than" common practice therefore seems like a very good question to ask.
> there's no malicious intent against the user here

Eating up their battery/resources running hidden code that pretends to be them is kinda malicious. I also count hidden bitcoin miners as malicious.

Isn't that all ads, then? I mean, as an end user, which is more harmful to you - downloading a bunch of ads and filling your screen with them, or downloading a bunch of ads and not displaying them?

You are going to use more battery and resources actually displaying the ads, not to mention the worse user experience. If I had to pick between the two, I would prefer 'download and don't display' over 'download and display'

For sure, but any extra battery and resource consumption here would be extremely minor compared to a bitcoin miner. Many apps do various forms of push advertising and background reporting which does quite similar things, do you consider that to be malware too? Ultimately the only difference here is that this one abuses Google and their advertisers instead of the user, which seems to be an accepted and common advertising practice. In my opinion at least, it's not significantly different from those behaviors.
> no malicious intent against the user

Lots of malware doesn't have malicious intent against the user. Like botnets for DDoS attacks. Those things generally don't have any noticeable impact on the user, aside from increased network usage, but do immense damage to their targets.

I agree it's different than typical malware. As for considering ad tracking malware, the term "malicious" is obviously open to interpretation, so yes, you could make the argument that that is malware. You'd just have to convince others this meets the criteria for maliciousness. I've certainly heard people say that DRM software is malware.

If you're using my cycles, bandwidth, memory, power, etc. without my permission, it is malware.

This is not really that different than the spam "debate" - I've heard people argue that spam is no big deal because the bulk of it is caught. Tell that to people who run mail servers (but only if you brought your earplugs).

I suppose that, because many people put up with so much surveillance, they have difficulty drawing a line. I find this one a simple line to draw, but if you feel the need to place it elsewhere, the best predicate tipping point is based on intent.

> the best predicate tipping point is based on intent.

So, what of intent - are those people taking unique device identifiers, account names, installed package lists, etc not of a malicious intent with them? I'd say so. I'd say that intent is far more malicious than defrauding some advertisers.

Adjust your sense of "technically," the original malware was shit like Hotbar and Comet Cursor. Trying to change the topic to "everybody who tracks anything" isn't helpful.
> keyloggers generally aren't exploiting any vulnerability

That's a very odd definition you have.

Rest assured, nobody is saying this kind of app is acceptable. But calling them malware is not right when they technically don't use more than they've been given access to (network + some CPU time)?

Which part is odd? You can use standard APIs like GetAsyncKeyState() or various utilities for screen scraping and reading the paste buffer to make a key logger, no vulnerabilities required. We still consider such a thing malware of course. The point is exploiting vulnerabilities is not a necessary condition for something to be considered malware.
He's probably referring to injecting/deploying the keylogger in the first place. Either it came with a malicious software, via a system exploit, or someone installed it having physical access.
agree
So if I'm on a metered data connection, getting hit with would result in...?
Probably not much more than viewing a few ads in the first place. They can't cheat that hard or they'll get caught.
A sandbox bypass would be an exploit, much more severe than malware.
I gotta agree, even tho technically it is malware.