According to Check Point, a manufacturer of cybersecurity software, a Chinese malware called HummingBad has infected at least 10 million Android powered mobile devices across the globe. The software firm has been monitoring the malware since it was first detected back in February of this year. Just recently, Check Point has published an analytical report of the potential damage that HummingBad can cause to devices. For several months, the number of HummingBad infections remained steady but increased significantly in the month of May.
Check Point believes that HummingBad is the product of a team of developers at Yingmob, an otherwise legitimate, multi-million dollar advertising analytics firm based in the Chinese capital of Beijing. Check Point further noted that despite having teams that create legit tracking and advertising platforms, Yingmob has a particular team that is responsible for creating the harmful components of HummingBad, and this team is the Development Team for Oversears Platform, consisting of four groups with a total number of 25 personnel.
The HummingBad malware started out as a drive by download attack software, wherein mobile devices got infected when their owners paid a visit to specific websites. Check Point detailed how HummingBad’s attack consists of different stages, first gaining root access on a handset, and if that fails, it proceeds to utilizing a fake system update notification, which has the effect of deceiving mobile users into granting systems permission to the malware. After gaining unauthorized access, attackers then use it to rack up fraudulent ad revenues (as much as $300,000 a month) via the forced downloading of mobile apps and clicking of ads.
What is really scary is that the access gained through the HummingBad malware can be sold to hackers, potentially exposing the private information of millions of Android mobile users. Check Point reckons that there are more than 85 million smartphones that have already installed Yingmob’s apps, although only a small percentage of that number comes with HummingBad.
Apart from Check Point, Google is already also aware of the malware’s existence. A spokesperson from the tech giant has confirmed that Google has already made some effort to detect and combat HummingBad.
As stated by Check Point, most of the affected Android users hail from the Chinese and Indian mobile market, which have 1.6 million and 1.35 million cases, respectively. Other affected countries include the Philippines, Indonesia, and Turkey. In the US, more than 280,000 cases have been detected. As for Australia and the United Kingdom, each have no more than 100,000 cases.
