A malware known as HummingBad has infected millions of Android phones, causing false advertising, installing unwanted apps, and recording the user’s browsing habits.
It is estimated that HummingBad yields over $300,000 per month to its creators since it first infected an Android smartphone. Most infected devices are located in China, India, Philippines and Indonesia, but there are at least 280,000 infected devices in the United States.
According to cyber security firm Check Point, an estimated 10 million Android smartphones have been infected with HummingBad since its launch in February 2016. The easiest way to spot potential this and pretty much any Android malware is to browse the list of installed apps on the user’s phone. If there is any app that the user has not downloaded itself, the next step would be to perform a factory reset, since uninstalling and then rebooting the phone usually is not enough to get rid of the malware.
What HummingBad does is to try and root the Android system, trying to find its vulnerable spots which depend on its version. If the malware is successful, the source will grant it full unrestricted access to the information within the device, regardless of encryption or security measures. If the rooting procedure does not prove to be successful, then HummingBad will show a fake system update notification, which tricks users and grants the malware the needed permissions to infect the device.
Google has also been aware of HummingBad, as a spokesperson stated to CNET that they are working on the newer devices to defend against the malware.
Malware with a legitimate source
Check Point’s report says that the collected information by HummingBad can allow its creators to launch attacks against governments and major business firms, besides being able to sell the information to other cyber criminals. Apparently, the malware was designed by a Chinese advertising firm known as Yingmob, known for analyzing user information based on ads.
Check Point is an Israeli agency, and they have claimed that Yingmob’s division called “Development Team for Overseas Platform” is responsible for HummingBad and that it is comprised of four groups of 25 people each. The report also shows that Yingmob has power over 85 million devices, able to “sell access to these devices to the highest bidder.” These type of malware organizations may become a trend in the following years, as they follow a very successful and efficient method of user-access control, as many users share the same operative system in their mobile devices.
Any data on the infected device is at risk, including emails, notes, instant messages and anything that a user can and cannot access through regular interactions. Rooting an Android phone grants unrestricted access to the device’s core features, something that is not available on purchase and can damage the phone for good. A user can root its Android phone, which will allow installing unofficial apps and access to the phone’s most sensitive files, but by doing this, the phone becomes easily exposed to exploitation, from both the user and external sources such as the HummingBad malware.