Vulnerabilities / Threats
10/25/2013
11:06 AM
Connect Directly
RSS
E-Mail
50%
50%

Chinese Antivirus Firm NQ Called 'Massive Fraud'

Mobile anti-malware software developer NQ Mobile denies charges that it inflates its market share and makes spyware.

9 Android Apps To Improve Security, Privacy
9 Android Apps To Improve Security, Privacy
(click image for larger view)
Is Chinese mobile security software vendor NQ Mobile "a massive fraud"?

That allegation was leveled in a report from research firm Muddy Waters, released Thursday, which labeled as "fictitious" 72% of the security company's reported 2012 income.

"Our research estimates that NQ's real market share in China is only about 1.5%, versus the approximately 55% it reports," the report said. "We estimate that its China paying user base is less than 250,000, versus the 6 million NQ claims."

Adding fuel to the fire, the Los Angeles-based research firm said "top-flight security software engineers" that it hired to review NQ Mobile's antivirus software reported that it posed an information security and privacy risk to users. "NQ's Antivirus 7.0 is unsafe for sale to consumers, and we consider it to be spyware that makes users' phones vulnerable to cyber attack," it said. "Phones are vulnerable to MITM [man-in-the-middle] attacks because NQ fails to adhere to basic security protocols."

[ Would you let LinkedIn scan your emails? Read LinkedIn Intro Service Triggers Security, Privacy Fears. ]

But NQ Mobile, which has dual headquarters in Beijing and China, strongly dismissed the allegations. "The company believes that the allegations and accusations set forth in the Muddy Waters report are false and inaccurate and contain numerous errors of facts, misleading speculations and malicious interpretations of events," said a statement the company released Friday. It included what the company said was a list of 14 major term deposits in cash, which it referenced "as confirmation of the strong foundations of our business."

NQ Mobile recently enjoyed a meteoric rise in its stock market fortunes, gaining 280% in value and trading alongside Netflix and Tesla, Forbes reported. But after the release of the Muddy Waters report, the company's stock market value plunged $500 million Thursday, and trading on the stock was halted several times that day.

Investors, in other words, appear to be heeding allegations contained in the Muddy Waters report, which labeled NQ's management team as being "sloppy, to the point of being comical, fraudsters." It also said that the company's cash balances haven't been verified by an auditor, concluding that "NQ's cash balances are highly likely to not exist."

The report added: "The one intelligent move NQ made to further its fraud is putting in place the veneer of U.S. management -- particularly 'Co-CEO' Omar Khan. Were Mr. Khan not fronting for NQ, we do not think that investors would have been so willing to overlook so many red flags."

According to the report, Khan, who isn't part of the Chinese entity of NQ Mobile's board of directors or management team, received a compensation package worth almost $100 million from NQ Mobile, "which is likely far more than he would have earned as a non-C level manager at Citigroup."

Muddy Waters is run by China-based expatriate Carson Block, who's made a career of short-selling companies -- often Chinese firms listed in U.S. exchanges -- for which he's accused of fraudulently inflating assets, revenue, market share or other key indicators of success. Short-selling refers to making stock market bets against companies, using borrowed shares, meaning that if Block criticizes a firm and the value of its shares tank, he stands to make a significant profit.

Block first made his name in 2011, when he accused Chinese forestry firm Sino-Forest of massaging its assets and revenue, triggering a $4 billion lawsuit again him. Block labeled the lawsuit as being "without merit." Sino-Forest ultimately filed for bankruptcy.

According to Bloomberg, Block singlehandedly erased $7 billion from Chinese companies' stock-market valuation between 2010 and 2012.

This isn't the first time that market watchers have accused NQ Mobile of massaging its market share. In December 2012, market researcher FJE Research questioned NQ Mobile's statement that it controlled 63% of China's mobile security market, saying that it believed rival Qihoo controlled at least 60%. It also said that download levels of NQ Mobile's security application via Chinese community site Sina and various app stores suggested the firm's market share was substantially lower.

In response, NQ Mobile released a statement saying that it "strongly rejects these allegations" and noted that the research firm "has admitted to holding a short position in the company." NQ Mobile added that it only acquired about 20% of its new users from app stores. "The rest are from working with a number of mobile ad networks to provide users with direct download from the company's server," it said. The company also said that about 20% of its new users came via mobile device manufacturers -- including Coolpad, Gionee, Hisense, Huawei, Motorola, Nokia, Samsung and ZTE -- who preinstalled its software on their mobile devices, and accused its critics of ignoring these channels.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6117
Published: 2014-07-11
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.

CVE-2014-0174
Published: 2014-07-11
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

CVE-2014-3485
Published: 2014-07-11
The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue.

CVE-2014-3499
Published: 2014-07-11
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.

CVE-2014-3503
Published: 2014-07-11
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.