Cyber-criminals from China are reaping $300,000 a month in fraudulent ad revenue thanks to the proliferation of malware known as HummingBad.
The HummingBad malware runs alongside a legitimate advertising analytics business, sharing its technology and resources and enabling it to control tens of millions of Android devices, according to Check Point.
With the potential to sell access to these devices to the highest bidder, Check Point warns that similar malware campaigns may become a trend.
HummingBad was first discovered by Check Point researchers in February.
HummingBad is malware that establishes a persistent rootkit on Android devices, generates fraudulent ad revenue and installs additional fraudulent apps.
Black market fears
Check Point researchers say that devices infected by the malware can be used to create a botnet and carry out targeted attacks on businesses or government agencies, and that access to them can even be sold to other cyber-criminals on the black market.
The hackers' command-and-control servers belong to Yingmob, a Chinese mobile ad server company associated with an iOS malware called Yispecter.
Both HummingBad and Yispecter install fraudulent apps to gain revenue.
“Analysis of the HummingBad code revealed that it sends notifications to Umeng, a tracking and analytics service from which the attackers manage the campaign,” Check Point said in its research note.
“Further analysis of Yingmob’s Umeng account revealed the extent of the HummingBad campaign. The control panel registers almost 200 apps, most of which are different variations of the same core apps.
“Check Point researchers suspect about 25pc of these apps are malicious. All combined, the campaign includes nearly 85m devices.”
Check Point warned that the hackers, emboldened by the financial and technological independence they enjoy, are likely to advance their skillsets, putting end users, enterprises and government agencies at risk.