The Snyk research team has uncovered malicious behavior in a popular Advertising SDK used by over 1,200 apps in the AppStore, which represent over 300 Million downloads per month. The malicious code, found in iOS versions of the SDK from Mintegral, dating back to July 2019, can spy on user activity and log URL-based requests made through the app, potentially exposing personally identifiable information (PII) and other sensitive data. The SDK fraudulently reports user clicks on ads, stealing potential revenue from competing ad networks and, in some cases, the developer/publisher of the application. Additionally, the SDK captures details of every URL-based request made from within the compromised application, sending this information to a remote logging server. This functionality has raised concerns over data privacy and the potential for Mintegral to monetize such data by selling it to other parties for purposes of data analytics. The malicious code was designed to avoid detection by Apple's app review process, using anti-tampering controls and custom proprietary encoding techniques.