
Android Malware Grabs 10 Million Devices

Infections of an Android malware family thought to have been developed in China have recently soared, and the malware now controls around 10 million devices, according to cybersecurity researchers.

Detections of Android devices attacked by the malware, known under names including HummingBad, Hummer and Shedun, jumped by more than three times in March and again by a factor of six over the past month, according to security firm Lookout.

New features

“We believe this is attributable to the authors building new functionality or distributing the malware in new ways,” the company said in an advisory.

HummingBad infected up to 63,000 devices per day during the first half of this year, Cheetah Mobile Security Research Lab said earlier this month.

The malware, which is attached to infected versions of Facebook, Twitter, WhatsApp and Okta’s enterprise single sign-on app, installs a rootkit that allows it to remain in place even after a factory reset, Lookout said.

It puts into place applications that generate fraudulent advertising revenue, as well as other fraudulent apps, according to the firm.

The malware is believed to have been developed by a Chinese organisation called Yingmob, a highly organised group with 25 employees staffing four divisions that develop the malware’s components, according to security firm Checkpoint.

Well-organised group

The group operates alongside a legitimate Chinese advertising analytics company and is believed also to be behind another malware variant called Yispecter, which also generates false ad revenue, Checkpoint said.

Through HummingBad the gang controls about 10 million devices around the world, with the majority in China, India, Indonesia and the Philippines, and generates about $300,000 (£232,000) per month in fraudulent advertising revenues, Checkpoint found.

“This steady stream of cash, coupled with a focused organisational structure, proves cyber criminals can easily become financially self-sufficient,” the company stated.

A report co-authored by BT and KPMG earlier this month found that computer criminals are increasingly forming organisations akin to businesses, with human resources operations and substantial budgets for research and development.

Users can protect themselves from malware such as HummingBad by downloading apps only from well-known sources, an expert said.

“The official Android Google Play store doesn’t have a spotless record when it comes to keeping malware out, but it certainly appears to do a better job than many of the unpoliced unofficial Android app stores out there,” said computer security analyst Graham Cluley in a statement. “If you’re an Android user and care about your security and privacy, only download apps from a legitimate store and always pay attention to the permissions they request.”


Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDNet and other leading publications.
