by maxgashkov 5 days ago
Proposed mitigations look weak:

- DNS block & SNI filtering: I expect BrightData to rotate the endpoints if this issue gains enough attention. It will take some time once all the apps embedding the SDK catch up, but if they're smart, the SDK may already have a backup C&C connection it will try to reach out to after prolonged unavailability of the current endpoints.

- TLS fingerprint: unless the SDK pins it, it's the cheapest one to rotate continuously.

- MDM solution: almost unattainable for private users; not clear how stable the SDK name is to rely on.

Not saying I have a better approach. It seems behavior like this should be explicitly banned on Apple/Google's side with immediate termination of their publisher accounts.