
Zong Injecting Shady Code in User Web Traffic

Written by Dr-Hack



A few months back it was Ufone injecting code into users' web traffic by replacing Google Analytics code. This time it is Zong, a cellular company in Pakistan owned by China Mobile, performing an even more unethical activity by injecting malware code into the traffic of Zong's mobile data users, showing a total lack of interest by Zong in protecting its users. Such code injections mean that they are tracking and can modify all our online activity for their advertisement and financial gains. A technical explanation of the injection is below.

Zong Internet Traffic Manipulation (3G / 4G)

Zong Injecting User Traffic

Every Zong user on mobile data is presented with a sidebar injected into every website served over HTTP. It shows a small Zong icon which, once clicked, expands and gives more options. The icon sidebar is visible at the bottom right of the image above.

zong Sidebar Expand

Tapping the icon expands the toolbar (as shown at the top of the screen in the image above) and gives more options. Apart from one option, the rest is all advertisement, which Zong is doing just because users are using their network. (Shame)

My Zong App Sidebar

The only useful thing is “Usage”, which shows users their data usage; everything else is spam and a hindrance to the user's browsing experience.

Zong Sidebar About

Zong is calling this unethical act of theirs “Toolbar Function”

How to Unsubscribe from Zong Toolbar (Mobile Data Users)

Zong Sidebar Unsubscribe

Although you cannot completely disable the code injection using this method, you can unsubscribe from the toolbar by clicking on “About” and hitting the “Unsubscribe” link. The toolbar will not appear anymore.

Zong Toolbar on Desktop

Zong Toolbar Appears on every HTTP site

The same toolbar is also injected for desktop users and appears on every other website.


How to Permanently block the Code Injection

During research I came to know that the toolbar and malware are served from the IP address 103.255.6.16. This IP is based in Pakistan, and blocking it in your firewall will rid you of such shady practices of Zong.

Interesting Stuff on Zong Toolbar Server

A look over the server gave me various URLs which reveal partial information about how Zong is injecting code into Internet traffic. Please note Zong can change this anytime; they can even redirect you to any other website of their choosing.

  • http://103.255.6.16:8080/  – It presents an interesting forum
  • Zong103.255.6.16:8080/html/www/resources/templates/static/cmpklbar_en/pagestemplates.js
    • cmpklbar stands for China Mobile Pakistan Lower Bar
  • 103.255.6.16:8080/html/www/resources/templates/common/libs/framework.js
  • 103.255.6.16:8080/www/default/base.js

Are SSL (HTTPS) sites completely safe?

No. If your website is using Mixed SSL or Flexible SSL, code can be injected into that site as well. Zong can at any time decide to inject Google Analytics code, as was done by Ufone. The only solution for webmasters is to use Forced SSL, so that all non-HTTPS content is stripped off and not served.
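As an added example (not code from the original post), here is a small Python audit a webmaster can run on HTML fetched over the network in question. It flags script and iframe sources outside the site's own host allowlist, which is how an in-transit injection like the one described earlier shows up, and plain-HTTP subresources on an HTTPS page, which is the mixed-content gap described in this section. The example.com hosts and the sample HTML are constructed; the IP and script path are taken from the URL list above as a stand-in for the injected script.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

FETCH_TAGS = {"script", "iframe", "img"}   # tags whose src the browser fetches
ACTIVE_TAGS = {"script", "iframe"}          # these can run code inside the page


class SubresourceCollector(HTMLParser):
    """Collect (tag, absolute URL) for every src-based subresource in a page."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.found = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") if tag in FETCH_TAGS else None
        if src:
            self.found.append((tag, urljoin(self.page_url, src)))


def audit_page(page_url, html, allowed_hosts):
    """Return (unexpected, mixed): active subresources from hosts outside the
    allowlist, and plain-HTTP subresources referenced by an HTTPS page."""
    collector = SubresourceCollector(page_url)
    collector.feed(html)
    page_is_https = urlsplit(page_url).scheme == "https"
    unexpected, mixed = [], []
    for tag, url in collector.found:
        parts = urlsplit(url)
        if tag in ACTIVE_TAGS and parts.hostname not in allowed_hosts:
            unexpected.append(url)
        if page_is_https and parts.scheme == "http":
            mixed.append(url)
    return unexpected, mixed


# Constructed sample: an HTTP page as received, with an extra script appended in transit.
TAMPERED = """<html><head><script src="/js/app.js"></script></head><body>
<p>Hello</p>
<script src="http://103.255.6.16:8080/www/default/base.js"></script></body></html>"""

# Constructed sample: an HTTPS page that still pulls one script over plain HTTP.
MIXED = """<html><head><script src="https://example.com/js/app.js"></script>
<script src="http://cdn.example.net/lib.js"></script></head></html>"""

if __name__ == "__main__":
    print(audit_page("http://example.com/", TAMPERED, {"example.com"}))
    print(audit_page("https://example.com/", MIXED, {"example.com", "cdn.example.net"}))
```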

Researchers?

Researchers may explore more and share what interesting things you find, and even complain to your local telecom authority so they know about this act of Zong.



  • Well, that’s really shameful I think. PTA must take action against such practices. Manipulating the traffic for financial gains? Being their user, I’m going to file a complaint against them.

  • WTF!

  • If enough users like you file a complaint, cellular companies might eventually STOP doing such things. You may share the link so that others may file a report (I may add it in the post).

  • Taha Ali Adil

    Even this shady code is that much bad; it can impact your local website development, because developers use the open tag approach in CSS, such as body, div and p. It was really a pain for me the first time, when I was developing a website for a customer and I was pushing CSS but it was not working; I found the shady code later on and disabled it.

  • Originative

    Ufone also injects code; I captured this:

    data:text/html;base64,PEhUTUw+DQo8bWV0YSBodHRwLWVxdWl2PSJyZWZyZXNoIiBjb250ZW50PSIwO3VybD1odHRwOi8vZ28uYWQydXAuY29tL2FmdS5waHA/aWQ9MjQ1NzcyIj4NCjwvaHRtbD4NCg0K

    and complained to Ufone as well; they completely deny it

  • When did you encounter this?

  • xeero07

    What is the procedure to file a complaint?
    I blocked their IP and port in the ESET firewall and set it up to alert me on every block, and it is damn blocking the IP on almost every website 😀

  • PTA would be a viable option, using their online form: http://www.pta.gov.pk/index.php?option=com_content&view=article&id=1590&Itemid=770

    Well, they will inject on every non-SSL website .. #jerks

  • Originative

    I don't remember, as I don't use it now. I checked the file creation date; it was 25th July 2015. They don't put it on every page but randomly, so they don't get noticed. I found it when I saw it on my own website.

  • A screenshot would help you to lodge one; even others can do so…
    I am sure a decent number that goes to them might think about it.
    You can use the short code for this post link: http://bit.ly/ZongCode

  • The tricky thing is how they serve this randomly .. so certain folks are saying even now that there is something installed on my cell / PC, that's why ads are appearing. lol

  • Pingback: Zong Unethically defending whats wrong | Hackology Blog

  • Pingback: Zong Toolbar and code injection is no more | Hackology Blog

  • Pingback: Mobilink Blunder of Injecting Code into User Browser | Hackology Blog
