HummingBad malware infects 10 million Android phones, produces up to $300,000 a month in ad revenue
According to a cyber security software firm named Check Point, malware called HummingBad has infected more than 10 million Android devices. Interestingly, the developers behind HummingBad work at Yingmob, a multi-million dollar company that deals with advertising analytics in China. The malware can take over an Android device by obtaining root access using rootkit. If that fails, the malware tries to trick a phone's owner into giving it system-level permissions, by using fake update notifications.
Once the phone's owner loses control of the device, the malware clicks on ads and downloads apps without permission, seeking to generate advertising revenue. The malware has generated as much as $300,000 per month. The group also sells access to phones and gives away information stored on them. According to Check Point, 85 million smartphones have Yingmob's apps installed on them, although the percentage of those with the malicious software inside is much smaller. China (1.6 million devices) and India (1.35 million) are the two locations with the most infected devices. In the U.S., that number is 288,800 units.
Check Point has been monitoring the malware since discovering it in February. Yingmob's 'Development Team for Overseas Platform' is said to be the group responsible for the malware, and is made up of 25 people.
source: CNET
"The first component attempts to gain root access on a device with...rootkit [software] that exploits multiple vulnerabilities. If successful, attackers gain full access to a device. If rooting fails, a second component uses a fake system update notification, tricking users into granting HummingBad system-level permissions."-Check Point
Check Point has been monitoring the malware since discovering it in February. Yingmob's 'Development Team for Overseas Platform' is said to be the group responsible for the malware, and is made up of 25 people.
Things that are NOT allowed: