A new malware called HummingBad, associated with Chinese cyber criminals Yingmob, has infected millions of devices and brings in millions of dollars of fake ad revenue.
When it comes to malware, Android users can’t seem to catch a break. According to mobile threat researchers’ a recently-discovered Android malware called HummingBad has infected 10 million Android devices worldwide.
Yes, you read that correctly—10 million devices. But, that is just the beginning. Millions more devices could be at risk from HummingBad, or other malware created by the company behind it.
HummingBad was first discovered in February, and it “establishes a persistent rootkit on Android devices, generates fraudulent ad revenue, and installs additional fraudulent apps,” according to the report. Currently, it’s estimated to be generating $300,000 per month in fraudulent ad revenue.
The party behind HummingBad is a group Chinese cyber criminals known as Yingmob. The group has 25 employees across four different groups that maintain the components of HummingBad. Furthermore, they also provide legitimate advertising analytics products and share their tools and resources among their teams. Yingmob is also suspected to be behind the iOS malware called Yispecter.
While 10 million devices are affected by HummingBad at present, Yingmob has some degree of control over 85 million mobile devices in total. Only a quarter of those devices have some sort of malicious software installed on them, but Yingmob sells access to the devices and information about them to buyers.
China tops the list of most affected by the malware, with 1.6 million devices. India, with 1.35 million cases, comes in second place, respectively. The Philippines takes third place with 520,901 cases. There are 286,800 infected devices in the US.
In terms of affected OS versions, it breaks down like this:
- KitKat – 50%
- Jelly Bean – 40%
- Lollipop – 7%
- Ice Cream Sandwich – 2%
- Marshmallow – 1%
HummingBad installs more than 50,000 fraudulent apps each day, and displays more than more than 20 million ads per day in these apps. IT admins should be wary because this put their organization’s data at risk.
“With these devices, a group can create a botnet, carry out targeted attacks on businesses or government agencies, and even sell the access to other cybercriminals on the black market,” the report said. “Any data on these devices is at risk, including enterprise data on those devices that serve dual personal and work purposes for end users.”
HummingBad uses a multi-stage attack chain with multiple components. If the initial rooting attempt fails, it makes use of a fake system update notification, to try and trick the user into granting permissions. The malware can install silently if the device is already rooted, so if your device is rooted you may already be in trouble. Also, remember to turn off “unknown sources” in your security settings to further protect yourself.
Malware has long been an issue in the Android ecosystem, but it has been ramping up in recent weeks.