HummingBad Malware Infects 10 Million Android Devices

HummingBad malware has infected an estimated 10 million Android devices, according to Check Point Software Technologies. In a comprehensive report, which was published on July 1, the cybersecurity company blamed a “highly organized” team of cyber criminals for distributing the malicious software.

As discussed in their report, Check Point initially discovered the malware in February.

Following five months of research, the investigators determined the software was likely introduced to mobile devices in “drive-by” attacks. Essentially, the software was downloaded to Android mobile devices while the users were visiting specific websites — many of which hosted adult content.

Once downloaded, the malicious software establishes a persistent rootkit in the Android mobile device. The rootkit allows the HummingBad malware to generate fraudulent ads and apps without the owner’s knowledge or consent.

According to Check Point’s report, HummingBad malware is generating an estimated $300,000 per month in revenue for its creators.

The researchers reportedly traced the malicious software to a Chinese mobile ad server company called Yingmob — which was previously linked to similar malware called Yispecter.

Although Yingmob is in the business of developing legitimate advertisement platforms and tracking software, the company’s “Development Team for Overseas Platform,” which consists of 25 employees, is reportedly dedicated to developing malware like Yispecter and HummingBad.

In an interview with Fortune, cybersecurity specialist Dan Wiley said Yingmob had published an estimated 200 apps. At least 50 of those apps were deemed to contain some form of malicious software.

Check Point estimates nearly 10 million Android devices are currently infected with HummingBad malware. Although a majority of those affected are in China and India, the cybersecurity company estimates 286,000 devices are infected within the United States.

The research suggests a majority of the devices infected with HummingBad malware are running the KitKat and Jelly Bean versions of the Android Operating System.

At this time, the researchers believe Yingmob’s primary goal is to generate fraudulent advertisement revenue.

According to reports, the malware generated an estimated 20 million advertisements and installed an estimated 50,000 apps on unsuspecting users’ mobile devices.

The software also generated an estimated 2.5 million fraudulent clicks on those advertisements. The phony clicks earned the developers an estimated $10,000 per day.

Although the current goal appears to be making money through fraudulent advertisements and clicks on those advertisements, there is concern that the malicious software could be used to “carry out targeted attacks on businesses or government agencies.”

Cybersecurity expert Dan Wiley said the malicious software could be used to mine data from the infected devices. As users often store sensitive information on their mobile devices, including banking information and credit card numbers, millions of people could be at risk.

Fortunately, the software can be detected and removed from Android devices.

CNET offers several solutions for detecting HummingBad malware, removing it from an Android mobile device, and preventing similar infections in the future.

To determine whether HummingBad malware is infecting an Android device, CNET suggests downloading and running a security app that contains protective phone software. Some of the suggested security apps include Avast, AVG, Lookout and Zone Alarm.

Once detected, HummingBad malware can be removed from Android mobile devices manually. However, CNET suggests simply backing up contacts and files and performing a factory reset.

To prevent a similar infection in the future, cybersecurity experts suggest running a security app at all times and only downloading Android apps from the official Google Play store. Although these measures will not eliminate the risk of malware, it will greatly reduce the possibility.

HummingBad malware has infected an estimated 10 million Android devices throughout the world. Although it can be detected and removed, cybersecurity experts are concerned similar software will be developed in the future.

[Image via Igor.Stevanicic/Shutterstock]