HummingBad Malware Infects 85 Million Android Devices

...

A group of Chinese hackers dubbed Yingmob is using a sophisticated malware campaign called HummingBad to access and sell the info stored on Android devices. The malware may have already infected 85 million devices.

The security vulnerabilities of Google's open source mobile operating system Android are well known, and a report from security specialist Check Point reveals the platform's security issues may be intensifying.

The report tracked a group of hackers called Yingmob in China that controls an arsenal of more than 85 million mobile devices around the world. The group has the potential to sell access to these devices to the highest bidder. The report found that the group is able to generate about $300,000 in revenue each week through malicious ads.

In February, Check Point researchers first discovered HummingBad, malware that establishes a persistent rootkit on Android devices, generates fraudulent ad revenue, and installs additional fraudulent apps.

The HummingBad campaign runs alongside a legitimate advertising analytics business, sharing its technology and resources. It also allows the group to create a botnet, carry out targeted attacks on businesses or government agencies, or sell the access to other cyber-criminals on the black market.

"Accessing these devices and their sensitive data creates a new and steady stream of revenue for cybercriminals," the report warned. "Emboldened by financial and technological independence, their skillsets will advance -- putting end users, enterprises, and government agencies at risk."

The 24-page report revealed that any data on these devices is at risk, including enterprise data on those devices that serve dual personal and work purposes for end-users.

It's not only the number of devices affected, it's also the level of sophistication behind the campaign that security professionals found disconcerting.

The report explained that HummingBad uses a sophisticated, multi-stage attack chain with two main components, the first of which attempts to gain root access on a device with a rootkit that exploits multiple vulnerabilities.

If successful, attackers gain full access to a device, but if rooting fails, a second component uses a fake system update notification that tricks users into granting HummingBad system-level permissions.

"Yingmob may be the first group to have its high degree of organization and financial self-sufficiency exposed to the public, but it certainly won't be the last," the report concluded. "Check Point believes this dangerous trend will escalate as other groups learn from Yingmob and find new ways to achieve the independence they need to launch larger and more sophisticated attack campaigns in the future."

Google just released the largest set of Android security updates in its history. It issued a bulletin containing details of security vulnerabilities affecting Android devices -- but the security issues facing the platform persist.


Trend Micro reported on June 21 that the mobile malware named GODLESS can target any Android device running Android 5.1 (Lollipop) or earlier. The company reported that the malware has affected more than 850,000 devices worldwide and can even be found in prominent app stores such as Google Play.

Soon after, Cheetah Mobile estimated that a Chinese hacking organization was making $500,000 a day via a Trojan dubbed Hummer. Calling it the most prolific Trojan in history, the company reported that during the first half of 2016 alone, Hummer infected nearly 1.4 million devices worldwide. In China alone there were 63,000 infections a day.

Android is not the only platform suffering from security issues.

Based on findings in its third Mobile Threat Intelligence Report, Skycure discovered that in large enterprises 3% of all iOS devices have malware installed, though almost twice as many Android devices are likely to be infected.
