HummingBad Malware Infects 85 Million Android Devices


A group of Chinese hackers dubbed Yingmob is using a sophisticated malware campaign called HummingBad to access and sell the info stored on Android devices. The malware may have already infected 85 million devices.

The security vulnerabilities of Google's open source mobile operating system Android are well known, and a report from security specialist Check Point reveals the platform's security issues may be intensifying.

The report tracked a group of hackers called Yingmob in China that controls an arsenal of more than 85 million mobile devices around the world. The group has the potential to sell access to these devices to the highest bidder. The report found that the group is able to generate about $300,000 in revenue each week through malicious ads.

Check Point researchers first discovered HummingBad in February. The malware establishes a persistent rootkit on Android devices, generates fraudulent ad revenue, and installs additional fraudulent apps.

The HummingBad campaign runs alongside a legitimate advertising analytics business, sharing its technology and resources. The campaign also allows the group to create a botnet, carry out targeted attacks on businesses or government agencies, or sell the access to other cyber-criminals on the black market.

"Accessing these devices and their sensitive data creates a new and steady stream of revenue for cybercriminals," the report warned. "Emboldened by financial and technological independence, their skillsets will advance -- putting end users, enterprises, and government agencies at risk."

The 24-page report revealed that any data on these devices is at risk, including enterprise data on those devices that serve dual personal and work purposes for end-users.

It's not only the number of devices affected but also the level of sophistication behind the campaign that security professionals found disconcerting.

The report explained that HummingBad uses a sophisticated, multi-stage attack chain with two main components, the first of which attempts to gain root access on a device with a rootkit that exploits multiple vulnerabilities.

If successful, attackers gain full access to a device, but if rooting fails, a second component uses a fake system update notification that tricks users into granting HummingBad system-level permissions.

"Yingmob may be the first group to have its high degree of organization and financial self-sufficiency exposed to the public, but it certainly won't be the last," the report concluded. "Check Point believes this dangerous trend will escalate as other groups learn from Yingmob and find new ways to achieve the independence they need to launch larger and more sophisticated attack campaigns in the future."

Google just released the largest set of Android security updates in its history. It issued a bulletin containing details of security vulnerabilities affecting Android devices -- but the security issues facing the platform persist.

Trend Micro reported on June 21 that the mobile malware named GODLESS can target any Android device running Android 5.1 (Lollipop) or earlier. The company reported that the malware has affected more than 850,000 devices worldwide and can even be found in prominent app stores such as Google Play.

Soon after, Cheetah Mobile estimated that a Chinese hacking organization was making $500,000 a day via a Trojan dubbed Hummer. Calling it the most prolific Trojan in history, the company reported that during the first half of 2016 alone, Hummer infected nearly 1.4 million devices worldwide. In China alone there were 63,000 infections a day.

Android is not the only platform suffering from security issues.

Based on findings in its third Mobile Threat Intelligence Report, Skycure discovered that in large enterprises 3% of all iOS devices have malware installed, though almost twice as many Android devices are likely to be infected.
