10 Million Android Devices Infected with New Malware

2016 has been a crazy year for malware. Our devices have been plagued with viruses ranging from little colds such as adware all the way to the...
  1. Tabuu

    2016 has been a crazy year for malware. Our devices have been plagued with viruses ranging from little colds such as adware all the way to the influenza-like ransomware. The flavor of choice over the past few months for android users has been an aggressive form of malware nicknamed "Hummingbad". Discovered in February of this year by the security company Check Point, Hummingbad's sole purpose is to generate money for its creator, advertising giant Yingmob. This isn't the first time Yingmob has been named responsible for a form of mobile malware. Back in October of 2015, a form of malware similar to Hummingbad named "YiSpecter" was infecting jailbroken and unjailbroken iOS devices all over mainland China and Taiwan.

    So how does Hummingbad work? There are two answers to this question, a simple one and a complex one. Simply put, Hummingbad is a form of highly infectious adware that installs itself to your device via a rootkit. The adware is spread through something known as a "drive-by download attack" meaning it infects your device when you visit specific webpages. Once you visit an infected webpage, Hummingbad checks to see if your device is rooted. If it is, Hummingbad finds a nice place to settle down and get to work. If it's not, Hummingbad attempts to gain root access through a type of software called a rootkit. A rootkit is essentially a software package that takes advantage of multiple unpatched security exploits on your device to gain root access. In the case of Hummingbad, you will likely see a window pop up asking you to "install an application". If you give it permission, it will get the root access it needs to fully infect your device. Once it finds that nice place to settle down, Hummingbad starts its nefarious work.

    As I said before, Hummingbad's purpose is to make money for its creator. It does so mainly by stealing advertising revenue. If your device is infected, Hummingbad will force-install seemingly random applications (through background downloaded apk files) by "clicking" on advertisements in the background without your knowledge. At times, it will also force full page advertisements on your screen and lock you out of any action except for clicking on the ad or downloading an application. For a more in-depth answer, you can look at Check Point's complete report.

    Here's the kicker, Hummingbad has infected more than 10 million devices and generates over $300,000 in revenue per month! Of the infected devices, the bulk are located in China, India, the Philippines, Indonesia, and Turkey with more than a million infected devices per country. The US only has around 288,000 infected devices and the UK and Australia have around 100,000 each.

    So, the question is, how do we protect ourselves? There are a number of applications that can detect Hummingbad including Check Point's Zone Alarm, Lookout Security & Antivirus, AVG Antivirus, and Avast Mobile Security & Antivirus. Unfortunately, these applications can only detect Hummingbad's presence and, like a flu test, can't do anything to remove the infection. The only confirmed way to remove Hummingbad is to do a complete factory restore of your device. In terms of protection, the only way to try to protect ourselves from these kinds of attacks is to only download applications from trusted places and developers such as through the Google Play Store and to keep our devices as up-to-date as possible.

    In the words of Check Point, "Yingmob may be the first group to have its high degree of organization and financial self-sufficiency exposed to the public, but it certainly won't be the last." We all have to be on the lookout for new types of malware as they crop up, especially on the ever-growing mobile device platform.

    Sources: 1 and 2

    Share This Article

    Bugzii, Doodle210, hoopsure and 8 others like this.


To make a comment simply sign up and become a member!
  1. Jaykae
    This sucks. Glad I don't download many apps and only visit certain websites. I hear Google are working alongside qualcomm to fix this ASAP, I hope they do.
  2. LeeTheCoder
    First off, don't install things you don't trust. Android users (for you iOS users that might not know) have the option to install APKs from unverified vendors. Which is a good thing! Amazing thing, really. Unless, you have someone who's ignorant and enables installed APKs from a unknown source, and then installs this. I'd recommend that Google places the option to turn this on and off (unknown source installations) behind the developer options, whereas you have to go through some complicated stuff to enable. Just my opinion.
    This is just ignorance, not a lack of security on Android. With freedom comes danger.
  3. 3xTiNcT
    Well, I guess it's a good time to have an iPhone. :wink:
    1. Jaykae
      LOL. It's only a matter of time before this happens AGAIN on iOS.
  4. xOneManLegacy
    Good thing I have an iPhone. I feel bad for everyone that has to deal with a virus though
  5. Orginal
    This happened to me for just visiting imgur.
  6. Discrete
    Glad I have not stumbled into any malware
  7. Salus
    You gotta be pretty dumb to download a virus m8
    1. View previous replies...
    2. Salus
      You gotta be pretty dumb to go onto fishy sites like that
    3. Tabuu
      The biggest problem, in places like mainland China is that the websites infected are visited by hundreds of thousands of people every day. Think of it as something like Se7ensins being infected with this malware. It's not a website on the scale of, say, Reddit, but there are still a substantial amount of people visiting the site every day and none of them would know the site is infected until after they find the malware on their phones.
    4. Jaykae
      Nothing dumb about it, you visit an infected website (you don't even have to know) and you're buggered. nothing dumb about it.
  8. Incorporated
    Glad I didn't get an android phone.
    1. Tabuu
      I don't think the type of phone matters as much as the malware itself. An advertising corporation made this to make more money for themselves. Unless some action is taken against them, we will see many more of them come up in the future.
    2. Sketch
      Doesn't matter which mobile it is. It's still likely to get infected.
      Incorporated and Tabuu like this.
    3. Jaykae
      The question is, they've gone after Android phones, what WOULD happen if they went after iOS?