Internet Security Blog - Hackology

Zong Injecting Shady Code in User Web Traffic

Few months back it was Ufone injecting code into users web traffic by replacing Google Analytic Code. This time its Zong, a Cellular Company in Pakistan Owned by China Mobile performing even more unethical activity by injecting Malware code into mobile Data users of Zong, showing a total lack of interest by Zong to protect its Users.Such code injections mean that they are tracking and can modify all our online activity for their Advertisement and Financial gains. A Technical explanation of the injection is below

Zong Internet Traffic Manipulation (3G / 4G)

Zong Injecting User Traffic

Every Zong user on mobile data is presented with a sidebar injected in every website(HTTP). Which shows a small Zong icon , once clicked it expands and gives out more options. Icon Sidebar is visible at bottom right on the image above.

zong Sidebar Expand

Tapping on the icon the Toolbar expands(as shown at the top of the screen on above image) and give out more options ,apart from one option rest all is advertisement which Zong is doing just because users are using their network. (Shame)

My Zong App Sidebar

The only useful thing is the “Usage” which shows users about their data usage , else its all spam and a hindrance in user browsing experience

Zong Sidebar About

Zong is calling this unethical act of theirs “Toolbar Function”

How to Unsubscribe from Zong Toolbar (Mobile Data Users)

Zong Sidebar Unsubscribe

Although you can not completely disable code injection by using this method but you can unsubscribe from the toolbar by Clicking on “About” and hitting the “Unsubscribe” link .The toolbar will not appear anymore

Zong Toolbar on Desktop Zong Toolbar Appears on every HTTP site

The same toolbar also injects and appears for Desktop users and on every other website.

Must Read:  How to Play Online games and Stay Safe

 

 

 

 

 

 

 

How to Permanently block the Code Injection

During research i came to know that the toolbar and malware is served from 103.255.6.16 IP Address. This IP is based in Pakistan and blocking it in your Firewall will get you rid of such shady practices of Zong.

Interesting Stuff on Zong Toolbar Server

Overlook of the the server gave me various URLs which reveal partial information about how Zong is injecting code in Internet traffic, please note Zong can change this anytime , they can even redirect you to any other website of their choosing.

  • http://103.255.6.16:8080/  – It presents interesting forum
  • Zong103.255.6.16:8080/html/www/resources/templates/static/cmpklbar_en/pagestemplates.js
    • cmpklbar stands for China Mobile Pakistan Lower Bar
  • 103.255.6.16:8080/html/www/resources/templates/common/libs/framework.js
  • 103.255.6.16:8080/www/default/base.js

Are SSL (HTTPS) sites completely  Safe ?

No , if you are website is using Mixed SSL or Flexible SSL it means code can be injected in that site aswell. Zong can anytime make a plan to inject Google Analytics code as it was done by UFone. The only solution for webmasters is to use Forced SSL, so that all non http content is stripped OFF and not served.

Researchers ?

Researchers may explore more and share what interesting things you found out , and even complain to your local Telecom Authority so they may know this act of Zong

Pin It on Pinterest

Shares
Share This