Vulnerabilities / Threats
10/25/2013
11:06 AM
50%
50%

Chinese Antivirus Firm NQ Called 'Massive Fraud'

Mobile anti-malware software developer NQ Mobile denies charges that it inflates its market share and makes spyware.

9 Android Apps To Improve Security, Privacy
9 Android Apps To Improve Security, Privacy
(click image for larger view)
Is Chinese mobile security software vendor NQ Mobile "a massive fraud"?

That allegation was leveled in a report from research firm Muddy Waters, released Thursday, which labeled as "fictitious" 72% of the security company's reported 2012 income.

"Our research estimates that NQ's real market share in China is only about 1.5%, versus the approximately 55% it reports," the report said. "We estimate that its China paying user base is less than 250,000, versus the 6 million NQ claims."

Adding fuel to the fire, the Los Angeles-based research firm said "top-flight security software engineers" that it hired to review NQ Mobile's antivirus software reported that it posed an information security and privacy risk to users. "NQ's Antivirus 7.0 is unsafe for sale to consumers, and we consider it to be spyware that makes users' phones vulnerable to cyber attack," it said. "Phones are vulnerable to MITM [man-in-the-middle] attacks because NQ fails to adhere to basic security protocols."

[ Would you let LinkedIn scan your emails? Read LinkedIn Intro Service Triggers Security, Privacy Fears. ]

But NQ Mobile, which has dual headquarters in Beijing and China, strongly dismissed the allegations. "The company believes that the allegations and accusations set forth in the Muddy Waters report are false and inaccurate and contain numerous errors of facts, misleading speculations and malicious interpretations of events," said a statement the company released Friday. It included what the company said was a list of 14 major term deposits in cash, which it referenced "as confirmation of the strong foundations of our business."

NQ Mobile recently enjoyed a meteoric rise in its stock market fortunes, gaining 280% in value and trading alongside Netflix and Tesla, Forbes reported. But after the release of the Muddy Waters report, the company's stock market value plunged $500 million Thursday, and trading on the stock was halted several times that day.

Investors, in other words, appear to be heeding allegations contained in the Muddy Waters report, which labeled NQ's management team as being "sloppy, to the point of being comical, fraudsters." It also said that the company's cash balances haven't been verified by an auditor, concluding that "NQ's cash balances are highly likely to not exist."

The report added: "The one intelligent move NQ made to further its fraud is putting in place the veneer of U.S. management -- particularly 'Co-CEO' Omar Khan. Were Mr. Khan not fronting for NQ, we do not think that investors would have been so willing to overlook so many red flags."

According to the report, Khan, who isn't part of the Chinese entity of NQ Mobile's board of directors or management team, received a compensation package worth almost $100 million from NQ Mobile, "which is likely far more than he would have earned as a non-C level manager at Citigroup."

Muddy Waters is run by China-based expatriate Carson Block, who's made a career of short-selling companies -- often Chinese firms listed in U.S. exchanges -- for which he's accused of fraudulently inflating assets, revenue, market share or other key indicators of success. Short-selling refers to making stock market bets against companies, using borrowed shares, meaning that if Block criticizes a firm and the value of its shares tank, he stands to make a significant profit.

Block first made his name in 2011, when he accused Chinese forestry firm Sino-Forest of massaging its assets and revenue, triggering a $4 billion lawsuit again him. Block labeled the lawsuit as being "without merit." Sino-Forest ultimately filed for bankruptcy.

According to Bloomberg, Block singlehandedly erased $7 billion from Chinese companies' stock-market valuation between 2010 and 2012.

This isn't the first time that market watchers have accused NQ Mobile of massaging its market share. In December 2012, market researcher FJE Research questioned NQ Mobile's statement that it controlled 63% of China's mobile security market, saying that it believed rival Qihoo controlled at least 60%. It also said that download levels of NQ Mobile's security application via Chinese community site Sina and various app stores suggested the firm's market share was substantially lower.

In response, NQ Mobile released a statement saying that it "strongly rejects these allegations" and noted that the research firm "has admitted to holding a short position in the company." NQ Mobile added that it only acquired about 20% of its new users from app stores. "The rest are from working with a number of mobile ad networks to provide users with direct download from the company's server," it said. The company also said that about 20% of its new users came via mobile device manufacturers -- including Coolpad, Gionee, Hisense, Huawei, Motorola, Nokia, Samsung and ZTE -- who preinstalled its software on their mobile devices, and accused its critics of ignoring these channels.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, January 2015
To find and fix exploits aimed directly at your business, stop waiting for alerts and become a proactive hunter.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3580
Published: 2014-12-18
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.

CVE-2014-6076
Published: 2014-12-18
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to conduct clickjacking attacks via a crafted web site.

CVE-2014-6077
Published: 2014-12-18
Cross-site request forgery (CSRF) vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

CVE-2014-6078
Published: 2014-12-18
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not have a lockout period after invalid login attempts, which makes it easier for remote attackers to obtain admin access via a brute-force attack.

CVE-2014-6080
Published: 2014-12-18
SQL injection vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.