A new malware has infected millions of devices which is being known as HummingBad is believed to be associated with Chinese cyber criminals Yingmob. 10 million of Android devices have been infected globally by the HummingBad malware, according to mobile threat researchers from Check Point, a cyber security solutions provider.

What is HummingBad Malware?

HummingBad malware injects infected ads and installs fraudulent apps on users device. This malware is found to create a persistent rootkit that is an undetectable backdoor, which helped generate fraudulent ad revenue and plagued users with malicious apps. HummingBad malware was first discovered in February and is estimated to be generating $300,000 per month in fraudulent ad revenue.

According to Check Point, the party behind HummingBad malware is a group Chinese cyber criminals known as Yingmob. The group has 25 cybercriminals across four different groups that maintain the components of HummingBad. Furthermore, Ying mob skirted detection by working alongside a legitimate Chinese analytics business, which provides legitimate advertising analytics products, resources, and technology to this team. Acccording to the reports from Motherboard, The analytics company has been compilcit with HummingBad malware to generate more clicks for its ad servers.

HummingBad installs more than 50,000 fraudulent apps each day in total on all android devices, and displays more than 20 million ads per day in these apps. IT admins should be wary because this put their organization’s data at risk.

What makes HummingBad so scary is that it can run undetected. Rooted users won’t be able to detect if malicious software is being installed as it can be performed remotely and silently. And if you’re not rooted, HummingBad will repeatedly try to get you to install apps, though it’s unclear whether uninstalling the apps will remove them completely.

Yingmob is also suspected to be behind the iOS malware called Yispecter.

How to protect yourself from HummingBad malware?

1. Don’t root your Android device: HummingBad scans if your Android device has root access and will install infected apps silently without your knowledge, if you are in fact rooted. If you don’t have root access to your phone, HummingBad will try to trick you into allowing it to install software by imitating a legitimate app. This installation process will, at the very least, give you a red flag that something’s wrong.

2. Don’t allow installation from “Unknown Sources”: Some Android users will check the option to install software from “Unknown Sources” in the settings to install apps that aren’t available in the Google Play Store. Amazon’s Android app store requires this option to be enabled, but it poses a security vulnerability if users aren’t closely monitoring what apps are being installed. It’s best to leave the “Unknown Sources” option unchecked.

3. Update your phone to the latest software: If you’ve been dismissing that nagging notification to update your phone’s software, don’t. Android’s software updates contain security fixes and improvements that will help you avoid falling victim to HummingBad. Check Point’s data shows most affected devices are running outdated versions of Android.

4. Install an antivirus app: While antivirus apps can’t stop all attacks, they can be an additional security layer, alerting you to apps that are asking for excessive permissions or blocking app installs.

Leave a Reply