"Trend Micro, Inc." Apps caught stealing and uploading browser history

v384.6 Now sharing data to Trend Micro?

This happens when you accept the terms:
https://www.snbforums.com/goto/post?id=418913#post-418913
Since upgrading to 384.6 b1, I see in my DNS server (Raspberry Pi with Pi-Hole) a lot of DNS requests going from the router to the following two addresses:
Code:
aae-spweb-vx.asuscloud.com
aae-sgweb001-1.asuscomm.com
Requests are being sent about every 15 seconds.
This has not been in 384.5 and I don't have any Asus cloud services activated in the router.

As soon as I withdrew the ASUS privacy agreement, the DNS requests stopped.
Is ASUS sending data every 15 seconds to their servers??


Information and personal data for using and interacting with Trend Micro’s products and services

You provide the following types of information and personal data when you use and interact with our products and services, including customer support. The specific information and personal data that you provide will depend on the particular product or services used. Providing these types of information and personal data enables you to participate, share and leverage Trend Micro’s global database of threat related intelligence to rapidly identify and defend against potential threats within your unique network environment, as described in more detail below as well as enabling us to provide support that you request.
  • Product information, such as MAC address, device ID,
  • Public IP address of the user’s gateway to the Internet
  • Mobile/PC environment
  • Metadata from suspicious executable files
  • URLs, Domains and IP addresses of websites visited
  • Metadata of client/device managed by gateway product
  • Application behaviors
  • Customer behavior [See Hedwig]
  • Information from suspicious e-mail, including sender and receiver email address, and attachments
  • Detected malicious file information
  • Detected malicious network connection information
  • Debug Logs
  • Network Architecture/Topology
  • Screen capture of errors
If you do not want to provide personal data to Trend Micro, please refer to your product documentation for further details on how to disable those features that collect and send feedback to Trend Micro, if applicable.


How does Trend Micro use the data that you provide to us?


We may use information that you provide to us for other business purposes, including:
  • Internal record keeping
  • Compliance with the law and requests from government bodies
  • Product and service development
  • Keeping you informed about our products, services and promotions
  • Provide customer support, manage subscriptions, and respond to requests, questions, and comments
  • All the personal data stated above are necessary to enter into the contract with Trend Micro and to use Trend Micro’s products and services so that you are obliged to provide such personal data, otherwise, we can neither perform our contract with you nor provide our products and services to you.

Trend Micro Source:
 
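An added example, not part of the original post: one way to confirm the kind of fixed-interval lookups described above from a Pi-hole (dnsmasq-format) query log, by measuring the gap between repeated queries per client and domain. The sample lines are constructed, and the router address 192.168.1.1, the year, and the count and jitter thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample in dnsmasq/Pi-hole log format (not real capture data).
SAMPLE_LOG = """\
Sep 10 12:00:00 dnsmasq[412]: query[A] aae-spweb-vx.asuscloud.com from 192.168.1.1
Sep 10 12:00:00 dnsmasq[412]: forwarded aae-spweb-vx.asuscloud.com to 1.1.1.1
Sep 10 12:00:00 dnsmasq[412]: query[A] aae-sgweb001-1.asuscomm.com from 192.168.1.1
Sep 10 12:00:03 dnsmasq[412]: query[A] www.example.com from 192.168.1.50
Sep 10 12:00:15 dnsmasq[412]: query[A] aae-spweb-vx.asuscloud.com from 192.168.1.1
Sep 10 12:00:15 dnsmasq[412]: query[A] aae-sgweb001-1.asuscomm.com from 192.168.1.1
Sep 10 12:00:20 dnsmasq[412]: query[A] www.example.com from 192.168.1.50
Sep 10 12:00:31 dnsmasq[412]: query[A] aae-spweb-vx.asuscloud.com from 192.168.1.1
Sep 10 12:00:31 dnsmasq[412]: query[A] aae-sgweb001-1.asuscomm.com from 192.168.1.1
Sep 10 12:00:45 dnsmasq[412]: query[A] aae-spweb-vx.asuscloud.com from 192.168.1.1
Sep 10 12:00:45 dnsmasq[412]: query[A] aae-sgweb001-1.asuscomm.com from 192.168.1.1
Sep 10 12:03:10 dnsmasq[412]: query[A] www.example.com from 192.168.1.50
Sep 10 12:09:41 dnsmasq[412]: query[A] www.example.com from 192.168.1.50
"""

QUERY_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) dnsmasq\[\d+\]: query\[\w+\] (\S+) from (\S+)$")

def periodic_queries(log_text, year=2018, min_count=4, max_jitter=2.0):
    """Return {(client, domain): median gap in seconds} for evenly spaced queries."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = QUERY_RE.match(line.strip())
        if m:  # syslog timestamps carry no year, so one is assumed
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            seen[(m.group(3), m.group(2).lower())].append(ts)
    findings = {}
    for key, stamps in seen.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if len(stamps) < min_count:
            continue
        mid = median(gaps)
        if mid > 0 and all(abs(g - mid) <= max_jitter for g in gaps):
            findings[key] = mid
    return findings

if __name__ == "__main__":
    for (client, domain), gap in periodic_queries(SAMPLE_LOG).items():
        print(f"{client} -> {domain}: every ~{gap:.0f}s")
```

Running the same check on logs taken before and after withdrawing the agreement shows whether the periodic lookups actually stop.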
this pops up from time to time... the Mac/iPhone community is a bit concerned at the moment, as there was an app that cloned another app for ad-blocking, and did share data to a server in China - but this has nothing to do with Trend-Micro.

Trend-Micro - I've personally had multiple business dealings with them at both an OEM and Telco Operator level - they are as reliable a partner as ProofPoint and CloudMark

I've always found them to be above-board and ethical - yes, they collect information for development of their product, but it's silo'ed within their business, they don't export things for monetization.

It's an opt-in for Asus device owners in any event - if you don't trust them, don't opt-in - simple enough...
 
https://9to5mac.com/2018/09/09/addi...aught-stealing-and-uploading-browser-history/

Is this "Trend Micro, Inc." the same company that provides the AIProtection technology in our ASUS routers?

Yes it is. Trend Micro built spyware into the unarchiving utility app they sold on the Mac App Store. The customer had to allow it access to their home directory so it could serve its only purpose of extracting files. It abused the access privileges to surreptitiously extract their browser data for... why?

General talking points:
1. Do we have more or less trust in Trend Micro after evidence they built spyware into a Mac utility app?
2. Can Trend Micro claim they got proper informed consent from the user?
3. Why was Trend Micro ballsy enough to sell it inside Apple's walled garden Mac App Store?
4. Will Apple punish them by refusing to let them sell on Mac App Store?
5. Why has Apple failed to keep all this spyware out of the Mac App Store?

And for our community, we may ask how comfortable we are accepting TM terms. Maybe some of us decide that we don't trust them enough to enable AiProtect features anymore.

this pops up from time to time... the Mac/iPhone community is a bit concerned at the moment, as there was an app that cloned another app for ad-blocking, and did share data to a server in China - but this has nothing to do with Trend-Micro.

The app was Adware Doctor, an adware removal app. It was a top-selling app in the Mac App Store. The Chinese creator deactivated its web domains and stopped pilfering data soon after they got discovered, but Apple left it on their App Store for a month. They pulled it down only now that it's shamed in the news.

"The researchers found that Adware Doctor collects data about its users, particularly browsing history and a list of other software and processes running on a machine, stores that data in a locked file, and periodically sends it out to a server that appears to be located in China. (For what it's worth, they say it's also not a very good adware scanner.) All of these actions seem to violate the App Store's developer guidelines, but while Privacy 1st notified Apple about the concerns weeks ago, the app remains."

https://www.zdnet.com/article/top-m...apple-app-store-steals-your-browsing-history/

I've always found them to be above-board and ethical - yes, they collect information for development of their product, but it's silo'ed within their business, they don't export things for monetization.

Do you feel more or less confident in making those assertions now? Regardless we can surely all agree that the Chinese spyware app is 100% relevant in any discussion we may choose to have about Trend Micro's behavior with spyware in their apps.
 
Here they don't even need any browser history, you agreed with them to send all those online for all devices.
But what's the difference to Google?
They are good because sitting in US and the others are bad located in China?
 
this pops up from time to time... the Mac/iPhone community is a bit concerned at the moment, as there was an app that cloned another app for ad-blocking, and did share data to a server in China - but this has nothing to do with Trend-Micro.
The 9To5Mac article I quoted mentioned that there are other Mac Apps that also share data (without user consent) and that these are from Trend Micro.

In fact, they posted an update today that confirmed that:
Update 9/10 4:50 am PT: The certificate issued for the domain drcleaner.com leaves no doubt that the apps are in fact distributed by Trend Micro.

However, a Malwarebytes blog post confuses me, as it seems to suggest that there might be a single person impersonating Trend Micro?
Interestingly, we found that the drcleaner[dot]com website was being used to promote these apps. WHOIS records identified an individual living in China, and having a foxmail.com email address, as being the registered owner of the domain.

I'd like to trust Trend Micro, but if it's indeed them collecting personal data without user consent I'm not sure I should...
 
The 9To5Mac article I quoted mentioned that there are other Mac Apps that also share data (without user consent) and that these are from Trend Micro.

In fact, they posted an update today that confirmed that:

And this is an EV certificate, which means it went through extended validation, confirming the identity of the owner of the domain. Unlike, say, a domain-validated certificate, where you can be anyone you claim to be. Unless the certificate authority is one of those shady ones (remember StartSSL?)
 
I've withdrawn consent until the FUD settles, relying on the "Trust No One" (TNO) mantra.
 
I'd like to trust Trend Micro, but if it's indeed them collecting personal data without user consent I'm not sure I should...

I hope you trust nobody in corporate world or simply treat it like anyone else. Looks to me Dr. X series are sub-brands of Trend Micro originated from its China operation and mostly marketing in Chinese markets such as China and Taiwan. Then it's no surprise drcleaner.com is registered in China by a person from China.

I would make a wild guess it's a management oversight. Perhaps TrendMicro HQ isn't aware of it. I can't stop thinking CIA, NSA, GKB and the China counterparts. Hopefully it's not an operation from one of these. Anyhow, it's going to be an interesting story!
 
Considering Trend Micro's field of expertise, I would say it would be critical for them to come forward with a public explanation. Third party developer gone rogue? Or bad corporate decision from a specific regional office (their Chinese ones)? For their reputation, I'd say it's critical for them to be transparent there.
 
Considering Trend Micro's field of expertise, I would say it would be critical for them to come forward with a public explanation. Third party developer gone rogue? Or bad corporate decision from a specific regional office (their Chinese ones)? For their reputation, I'd say it's critical for them to be transparent there.

I would agree - full disclosure would be best - what's interesting to note is the ISPs can play a role in stopping things like this, as their network monitoring systems would flag traffic from many clients to a server outside of their network.

I stand by what I said earlier - Trend Micro was an ethical company when I was dealing with them - times change, and maybe the current team has gone down a different path. I certainly hope not...
 

"This was a one-time data collection, done for security purposes (to analyze whether a user had recently encountered adware or other threats, and thus to improve the product & service).
...
Trend Micro is taking customer concerns seriously and has decided to remove this browser history collection capability from the products. Trend Micro’s Windows products and enterprise products do not have this feature."

Now that's funny... they're concerned about Mac malware but not Windows malware! :D

OE
 
As one who has never enabled AiProtection, Traffic Monitor, etc. on my AC86U (never agreed to pop-up prompts) I take it I should be 'safe' from any Trend Micro data mining?


Suppose it would be impossible to remove this specific code to create a 'Trend Micro free build' due to the way Asus delivers the source to Merlin?
 
Trend Micro has saved my butt several times over the years. I trust them. Back in the old days we bought thousands of copies for a site license for many years. I think they are a good company. They also have excellent phone support.
 
I do wonder (given that these are Mac-only products) whether Trend Micro just bought these apps from some other company and re-branded them as their own. Not that that's an excuse, but might explain why there wasn't much thought given to how they worked.
 