10 million Android phones affected by HummingBad malware, here’s how you can protect yourself
A new piece of malware called HummingBad has infected more than 10 million Android devices, according to a report published by the cyber security software firm Check Point. Millions more devices could be at risk from HummingBad, or from other malware created by the company behind it. What is interesting is that the developers behind HummingBad work at Yingmob, a multi-million dollar company that deals with advertising analytics in China.
So, how does the malware work? HummingBad infects primarily through “drive-by download,” or by installing itself on devices that visit infected web pages and sites. Its code, which is obfuscated by encryption, attempts to install itself persistently on a given device by multiple means.
The first, a “silent operation” that occurs in the background, is triggered every time the device boots up and its screen turns on. Then, HummingBad checks to see if the device’s user account is “rooted.” Using a rootkit, the malware can take over an Android device by getting root access. If that fails, the malware uses fake update notifications to try to trick the phone’s owner into giving it system-level permissions. Once the phone’s owner loses control of the device, the malware clicks on ads and downloads apps without permission, looking to generate advertising revenue.
Yingmob’s ‘Development Team for Overseas Platform’ is said to be the group responsible for the malware. “The group is highly organized,” Check Point notes, “with 25 employees that staff four separate groups responsible for developing HummingBad’s malicious components.” Moreover, the group appears to be extremely successful, generating as much as $300,000 per month in revenue from its malicious undertaking. The group also sells access to phones and gives away information stored on them.
Currently, the most affected devices are located in China (1.6 million) and in India (1.35 million). In the U.S., that number is 288,800 units. Collectively, Yingmob’s suite of malware now reaches 85 million phones and tablets and is autonomously installing more than 50,000 apps a day, according to Check Point.
“HummingBad uses a sophisticated, multi-stage attack chain with two main components. The first component attempts to gain root access on a device with a rootkit that exploits multiple vulnerabilities. If successful, attackers gain full access to a device. If rooting fails, a second component uses a fake system update notification, tricking users into granting HummingBad system-level permissions.
Irrespective of whether rooting is successful, HummingBad downloads as many fraudulent apps to the device as possible. The malicious apps in the HummingBad campaign are made of a mix of several malicious components, many of which have variations with the same functionality. In some cases, the malicious components are dynamically downloaded onto a device after the infected app is installed.” – Check Point.
Check Point has been monitoring the malware since it was discovered in February.
So, in such a scenario, how do you protect yourself?
The majority of the infected Android users are running the outdated KitKat version (4.4) of Android, with the most current version, Marshmallow (6.0), making up only 1% of affected devices.
While HummingBad is certainly worrisome, there are steps you can take to prevent yourself from becoming a victim.
1. Don’t root your Android device: Though this advice may fall on deaf ears among Android users, it’s pertinent to note that HummingBad checks whether your Android device has root access. If you are rooted, it will install infected apps silently without your knowledge. If you don’t have root access to your device, HummingBad will try to fool you into allowing it to install software by faking a legitimate app. At the very least, this installation process will give you a red flag that something’s wrong.
2. Don’t allow installation from “Unknown Sources”: Some Android users check the option to install software from “Unknown Sources” in the Settings so they can install apps that are not available in the Google Play Store. This option needs to be enabled for Amazon’s Android app store, but it poses a security vulnerability if users aren’t closely checking what apps are being installed. The best solution is to leave the “Unknown Sources” option unchecked.
3. Update/upgrade your smartphone to the latest software/firmware: Don’t dismiss the nagging notification to update your smartphone’s software. Android’s software updates include security fixes and improvements that will help you avoid falling victim to HummingBad. Most affected devices are running outdated versions of Android, according to Check Point.
4. Install an antivirus app: While antivirus apps can’t stop all attacks, they add an extra security layer, alerting you to apps that request excessive permissions or blocking app installs.
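
The first three recommendations above (root status, “Unknown Sources,” OS version) can be checked from a workstation over adb. The script below is an added example, not code from Check Point or the original article; the function names, the `su` paths probed, and the default API 23 threshold (Marshmallow, the current release when this was written) are assumptions.

```sh
#!/bin/sh
# Added example: audit an Android device against the article's checkable advice.
# MIN_SDK is an assumption: API 23 = Marshmallow 6.0 (KitKat 4.4 is API 19).
MIN_SDK="${MIN_SDK:-23}"

# assess_posture SDK UNKNOWN_SOURCES SU_PRESENT
# Prints one finding per line; prints nothing when all three checks pass.
assess_posture() {
  sdk="$1"; unknown="$2"; su_present="$3"
  if [ "$su_present" = "1" ]; then
    echo "ROOTED: su binary found; apps could be installed without prompts"
  fi
  if [ "$unknown" = "1" ]; then
    echo "UNKNOWN_SOURCES: installs from outside the app store are allowed"
  fi
  case "$sdk" in
    ''|*[!0-9]*)
      echo "OS_VERSION: could not read the API level" ;;
    *)
      if [ "$sdk" -lt "$MIN_SDK" ]; then
        echo "OS_OUTDATED: API $sdk is below the expected minimum $MIN_SDK"
      fi ;;
  esac
  return 0
}

# collect_from_device: read the three values over adb (needs USB debugging).
collect_from_device() {
  dev_sdk=$(adb shell getprop ro.build.version.sdk | tr -d '\r')
  # Depending on the Android release the switch is stored under the
  # 'secure' or the 'global' settings namespace, so query both.
  dev_unknown=$(adb shell settings get secure install_non_market_apps | tr -d '\r')
  if [ "$dev_unknown" != "1" ]; then
    dev_unknown=$(adb shell settings get global install_non_market_apps | tr -d '\r')
  fi
  # Heuristic only: these su locations are assumptions and can be hidden.
  dev_su=0
  for p in /system/bin/su /system/xbin/su /sbin/su; do
    if adb shell "test -e $p && echo present" | grep -q present; then
      dev_su=1
    fi
  done
  assess_posture "$dev_sdk" "$dev_unknown" "$dev_su"
}

# Only touch a device when explicitly asked: ./audit.sh --device
if [ "${1:-}" = "--device" ]; then collect_from_device; fi
```

An empty result means none of the three conditions was detected; it does not show that the device is free of malware.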