Android malware “HummingBad” reportedly infects 10 million devices
A multimillion-pound Chinese advertising and analytics agency is behind malware that has infected over ten million Android devices. That’s according to a report from security company Check Point, who have tied the malware to a gang of cybercriminals – called Yingmob – associated with the otherwise legitimate company.
“The first component attempts to gain root access on a device with a rootkit that exploits multiple vulnerabilities. If successful, attackers gain full access to a device,” Check Point explains in its report. “If rooting fails, a second component uses a fake system update notification, tricking users into granting HummingBad system-level permissions.”
Check Point first picked up on the malware in February 2016. Cases have reportedly risen since then, but spiked in mid-May. According to the company, HummingBad collectively generates around $300,000 a month through forced ad clicks and app downloads.
The picture painted by Check Point is that of a highly organised company, with 25 employees spread across four separate groups. The business model also goes beyond malware, with the group reportedly able to sell access to phones.
“Accessing these devices and their sensitive data creates a new and steady stream of revenue for cybercriminals,” says Check Point. “Emboldened by financial and technological independence, their skillsets will advance – putting end users, enterprises, and government agencies at risk.”
A spokesperson from Google told CNET that the company has “long been aware of this evolving family of malware and we’re constantly improving our systems that detect it… We actively block installations of infected apps to keep users and their information safe.”
The bulk of infections are in China and India, with 1.6 million and 1.35 million cases respectively. There are allegedly fewer than 100,000 devices affected in the UK.