Android Malware Grabs 10 Million Devices

mobile malware

The malware, thought to originate in China, generates £232,000 per month in counterfeit ad revenues

Infections of an Android malware family thought to have been developed in China have recently soared and now controls around 10 million devices, according to cybersecurity researchers.

Detections of Android devices attacked by the malware, known under names including HummingBad, Hummer and Shedun, jumped by more than three times in March and again by a factor of six over the past month, according to security firm Lookout.

Malware-1024x1019

New features

“We believe this is attributable to the authors building new functionality or distributing the malware in new ways,” the company said in an advisory.

HummingBad infected up to 63,000 devices per day during the first half of this year, Cheetah Mobile Security Research Lab said earlier this month.

The malware, which is attached to infected versions of Facebook, Twitter, WhatsApp and Okta’s enterprise single sign-on app, installs a rootkit that allows it to remain in place even after a factory reset, Lookout said.

It puts into place applications that generate fraudulent advertising revenue, as well as other fraudulent apps, according to the firm.

The malware is believed to be developed by Chinese organisation called Yingmob, a highly organised group with 25 employees staffing four divisions that develop the malware’s components, according to security firm Checkpoint.

Well-organised group

The group operates alongside a legitimate Chinese advertising analytics company and is believed also to be behind another malware variant called Yispecter, which also generates false ad revenue, Checkpoint said.

Through HummingBad the gang controls about 10 million devices around the world, with the majority in China, India, Indonesia and the Philippines, and generates about $300,000 (£232,000) per month in fraudulent advertising revenues, Checkpoint found.

“This steady stream of cash, coupled with a focused organisational structure, proves cyber criminals can easily become financially self-sufficient,” the company stated.

A report co-authored by BT and KPMG earlier this month found that computer criminals are increasingly forming organisations akin to businesses, with human resources operations and substantial budgets for research and development.

Users can protect themselves from malware such as HummingBad by downloading apps only from well-known sources, an expert said.

“The official Android Google Play store doesn’t have a spotless record when it comes to keeping malware out, but it certainly appears to do a better job than many of the unpoliced unofficial Android app stores out there,” said computer security analyst Graham Cluley in a statement. “If you’re an Android user and care about your security and privacy, only download apps from a legitimate store and always pay attention to the permissions they request.”

Are you a security pro? Try our quiz!