HummingBad Malware Infects 85 Million Android Devices


A group of Chinese hackers dubbed Yingmob is using a sophisticated malware campaign called HummingBad to access and sell the info stored on Android devices. The malware may have already infected 85 million devices.

The security vulnerabilities of Google's open source mobile operating system Android are well known, and a report from security specialist Check Point reveals the platform's security issues may be intensifying.

The report tracked a group of hackers called Yingmob in China that controls an arsenal of more than 85 million mobile devices around the world. The group has the potential to sell access to these devices to the highest bidder. The report found that the group is able to generate about $300,000 in revenue each week through malicious ads.

In February, Check Point researchers first discovered HummingBad, malware that establishes a persistent rootkit on Android devices, generates fraudulent ad revenue, and installs additional fraudulent apps.

The HummingBad campaign runs alongside a legitimate advertising analytics business, sharing its technology and resources. It also allows the group to create a botnet, carry out targeted attacks on businesses or government agencies, or sell the access to other cyber-criminals on the black market.

"Accessing these devices and their sensitive data creates a new and steady stream of revenue for cybercriminals," the report warned. "Emboldened by financial and technological independence, their skillsets will advance -- putting end users, enterprises, and government agencies at risk."

The 24-page report revealed that any data on these devices is at risk, including enterprise data on those devices that serve dual personal and work purposes for end-users.

It's not only the number of devices affected but also the level of sophistication behind the campaign that security professionals found disconcerting.

The report explained that HummingBad uses a sophisticated, multi-stage attack chain with two main components, the first of which attempts to gain root access on a device with a rootkit that exploits multiple vulnerabilities.

If successful, attackers gain full access to a device, but if rooting fails, a second component uses a fake system update notification that tricks users into granting HummingBad system-level permissions.

"Yingmob may be the first group to have its high degree of organization and financial self-sufficiency exposed to the public, but it certainly won't be the last," the report concluded. "Check Point believes this dangerous trend will escalate as other groups learn from Yingmob and find new ways to achieve the independence they need to launch larger and more sophisticated attack campaigns in the future."

Google just released the largest set of Android security updates in its history. It issued a bulletin containing details of security vulnerabilities affecting Android devices -- but the security issues facing the platform persist.


Trend Micro reported on June 21 that the mobile malware named GODLESS can target any Android device running Android 5.1 (Lollipop) or earlier. The company reported that the malware has affected more than 850,000 devices worldwide and can even be found in prominent app stores such as Google Play.

Soon after, Cheetah Mobile estimated that a Chinese hacking organization was making $500,000 a day via a Trojan dubbed Hummer. Calling it the most prolific Trojan in history, the company reported that during the first half of 2016 alone, Hummer infected nearly 1.4 million devices worldwide. In China alone there were 63,000 infections a day.

Android is not the only platform suffering from security issues.

Based on findings in its third Mobile Threat Intelligence Report, Skycure discovered that in large enterprises 3% of all iOS devices have malware installed, though almost twice as many Android devices are likely to be infected.
