Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

Chinese Antivirus Firm NQ Called 'Massive Fraud'

Mobile anti-malware software developer NQ Mobile denies charges that it inflates its market share and makes spyware.

9 Android Apps To Improve Security, Privacy
9 Android Apps To Improve Security, Privacy
(click image for larger view)
Is Chinese mobile security software vendor NQ Mobile "a massive fraud"?

That allegation was leveled in a report from research firm Muddy Waters, released Thursday, which labeled as "fictitious" 72% of the security company's reported 2012 income.

"Our research estimates that NQ's real market share in China is only about 1.5%, versus the approximately 55% it reports," the report said. "We estimate that its China paying user base is less than 250,000, versus the 6 million NQ claims."

Adding fuel to the fire, the Los Angeles-based research firm said "top-flight security software engineers" that it hired to review NQ Mobile's antivirus software reported that it posed an information security and privacy risk to users. "NQ's Antivirus 7.0 is unsafe for sale to consumers, and we consider it to be spyware that makes users' phones vulnerable to cyber attack," it said. "Phones are vulnerable to MITM [man-in-the-middle] attacks because NQ fails to adhere to basic security protocols."

[ Would you let LinkedIn scan your emails? Read LinkedIn Intro Service Triggers Security, Privacy Fears. ]

But NQ Mobile, which has dual headquarters in Beijing and China, strongly dismissed the allegations. "The company believes that the allegations and accusations set forth in the Muddy Waters report are false and inaccurate and contain numerous errors of facts, misleading speculations and malicious interpretations of events," said a statement the company released Friday. It included what the company said was a list of 14 major term deposits in cash, which it referenced "as confirmation of the strong foundations of our business."

NQ Mobile recently enjoyed a meteoric rise in its stock market fortunes, gaining 280% in value and trading alongside Netflix and Tesla, Forbes reported. But after the release of the Muddy Waters report, the company's stock market value plunged $500 million Thursday, and trading on the stock was halted several times that day.

Investors, in other words, appear to be heeding allegations contained in the Muddy Waters report, which labeled NQ's management team as being "sloppy, to the point of being comical, fraudsters." It also said that the company's cash balances haven't been verified by an auditor, concluding that "NQ's cash balances are highly likely to not exist."

The report added: "The one intelligent move NQ made to further its fraud is putting in place the veneer of U.S. management -- particularly 'Co-CEO' Omar Khan. Were Mr. Khan not fronting for NQ, we do not think that investors would have been so willing to overlook so many red flags."

According to the report, Khan, who isn't part of the Chinese entity of NQ Mobile's board of directors or management team, received a compensation package worth almost $100 million from NQ Mobile, "which is likely far more than he would have earned as a non-C level manager at Citigroup."

Muddy Waters is run by China-based expatriate Carson Block, who's made a career of short-selling companies -- often Chinese firms listed in U.S. exchanges -- for which he's accused of fraudulently inflating assets, revenue, market share or other key indicators of success. Short-selling refers to making stock market bets against companies, using borrowed shares, meaning that if Block criticizes a firm and the value of its shares tank, he stands to make a significant profit.

Block first made his name in 2011, when he accused Chinese forestry firm Sino-Forest of massaging its assets and revenue, triggering a $4 billion lawsuit again him. Block labeled the lawsuit as being "without merit." Sino-Forest ultimately filed for bankruptcy.

According to Bloomberg, Block singlehandedly erased $7 billion from Chinese companies' stock-market valuation between 2010 and 2012.

This isn't the first time that market watchers have accused NQ Mobile of massaging its market share. In December 2012, market researcher FJE Research questioned NQ Mobile's statement that it controlled 63% of China's mobile security market, saying that it believed rival Qihoo controlled at least 60%. It also said that download levels of NQ Mobile's security application via Chinese community site Sina and various app stores suggested the firm's market share was substantially lower.

In response, NQ Mobile released a statement saying that it "strongly rejects these allegations" and noted that the research firm "has admitted to holding a short position in the company." NQ Mobile added that it only acquired about 20% of its new users from app stores. "The rest are from working with a number of mobile ad networks to provide users with direct download from the company's server," it said. The company also said that about 20% of its new users came via mobile device manufacturers -- including Coolpad, Gionee, Hisense, Huawei, Motorola, Nokia, Samsung and ZTE -- who preinstalled its software on their mobile devices, and accused its critics of ignoring these channels.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?
Ray Overby, Co-Founder & President at Key Resources, Inc.,  8/15/2019
GitHub Named in Capital One Breach Lawsuit
Dark Reading Staff 8/14/2019
The Flaw in Vulnerability Management: It's Time to Get Real
Jim Souders, Chief Executive Officer at Adaptiva,  8/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-15296
PUBLISHED: 2019-08-21
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The faad_resetbits function in libfaad/bits.c is affected by a buffer overflow vulnerability. The number of bits to be read is determined by ld->buffer_size - words*4, cast to uint32. If ld->buffer_size - words*4 is ne...
CVE-2019-15292
PUBLISHED: 2019-08-21
An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c.
CVE-2019-15293
PUBLISHED: 2019-08-21
An issue was discovered in ACDSee Photo Studio Standard 22.1 Build 1159. There is a User Mode Write AV starting at IDE_ACDStd!IEP_ShowPlugInDialog+0x000000000023d060.
CVE-2019-5034
PUBLISHED: 2019-08-20
An exploitable information disclosure vulnerability exists in the Weave Legacy Pairing functionality of Nest Cam IQ Indoor version 4620002. A set of specially crafted weave packets can cause an out of bounds read, resulting in information disclosure. An attacker can send packets to trigger this vuln...
CVE-2019-5035
PUBLISHED: 2019-08-20
An exploitable information disclosure vulnerability exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002. A set of specially crafted weave packets can brute force a pairing code, resulting in greater Weave access and potentially full device control. An attacker c...