[AI Minor News Flash] NetEase’s Android Emulator ‘MuMu Player Pro’ Secretly Running Recon Every 30 Minutes on macOS

📰 News Summary

• Hidden Data Collection: MuMu Player Pro (v1.8.5) has been found executing 17 system reconnaissance commands on macOS every 30 minutes while running.
• Scope of Data Collection: Targeted data includes all devices on the local network, all running processes (including command arguments), all installed applications, host files, kernel parameters, and more.
• Personal Identification Linkage: The collected data is managed through an analytics platform called “SensorsData,” linked to the hardware serial number of the Mac.

💡 Key Points

• Privacy Policy Violation: MuMu’s privacy policy does not mention behavior such as retrieving process lists, enumerating local networks, or collecting serial numbers.
• Unnecessary Permissions for the Emulator: There’s no justification for an Android emulator to collect command arguments of all running processes or the MAC addresses of other devices on the network.
• Detailed Action Logging: The execution of “ps aux” every 30 minutes creates a detailed timeline of which applications (VPN, chat, development tools, etc.) the user has been using.

🦈 Shark’s Eye (Curator’s Perspective)

This behavior goes beyond being just an emulator; it’s a full-on “system reconnaissance” operation! What’s particularly alarming is that it’s pulling arguments from all processes using “ps aux.” This means session tokens, IDs, and even VPN settings and directory structures can be exposed! Furthermore, scanning the same network for devices using “arp -a” is clearly suspicious. It’s like you’re just trying to run an emulator, but every 30 minutes, your Mac is sending a “status report” to NetEase!

🚀 What’s Next?

Users with a heightened sense of security are likely to stop using MuMu Player and shift to alternative software. This is especially true for those using it on work Macs, as the risk of confidential information leaks could be taken very seriously. In the future, we can expect calls for runtime protections from Apple and an official explanation or fix from NetEase.

💬 A Word from Haru-Same

Beneath the convenience lies a sharp set of fangs! Take a peek into your logs to check if your data is being siphoned off right now! Shark on! 🦈🔥

📚 Glossary

• Recon Commands: Instructions used to investigate the state of the system, network configuration, and running programs.

• ps aux: A command in macOS and Linux that displays all currently running processes and their detailed information.

• arp -a: A command that displays a list of the IP addresses and MAC addresses of other devices connected to the same local network.

• Source: MuMu Player (NetEase) silently runs 17 reconnaissance commands every 30 minutes