Categories: MobilitySecurity

Android Malware Spreads Via Porn Sites

Security researchers have discovered active Android malware that spreads via malicious online advertisements and seeks to take complete control of a targeted device.

The HummingBad malware, which was found on the devices of two employees at a major financial services institution, seems to have infiltrated the Android units via malicous ads displayed on pornographic websites, according to Check Point Mobile Threat Prevention, adding that such malware is also known to spread through major online ad networks.

HummingBad, malware, Android, malvertising, secure-it, security

While HummingBad is relatively harmless for the moment, seeking primarily to drive fraudulent traffic to the Google Play shop in order to boost ad revenues, it remains hidden on the infected system and able to download and install additional components, Check Point said.

“As the malware installs a rootkit on the device, it enables the attacker to cause severe damage if he decides to change his objectives, including installing key-logger, capturing credentials and even bypassing encrypted email containers used by enterprises,” the firm stated in an advisory.

The malware is unusually complex, including two separate attacks that attempt to take over the device – one that does so silently and another that requires user interaction, asking the user to approve the installation of a supposed system software update, Check Point said.

The malware’s malicious components are initially encrypted, making it harder for security software to spot until after the system has been successfully taken over, according to researchers.

Ad fraud

After installation the malware contacts its control servers and tries to download a list of executable files, some of which drive fraudulent traffic to Google Play and others which install fraudulent apps on the system.

“It is interesting to note that all of the command and control servers are still alive and contain dozens of malicious APKs,” Check Point said.

HummingBad is the latest in a series of Android attacks apparently launched by the same group over the past few months, with others including Brain Test, PushGhost and Xinyinhe, according to Check Point.

In September Brain Test was found in applications on Google’s official Play shop, which Google said had been downloaded by up to 1 million users. Google removed similar malware in Play again in January.

Google has frequently been infiltrated by malicious apps, with the Android.Xiny.19.origin Trojan found in more than 60 games earlier this month.

Are you a security pro? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

US Regulator Approves SpaceX Falcon 9 Return To Service

US Federal Aviation Administration approves SpaceX's Falcon 9 rockets to return to service following second-stage…

14 hours ago

X Drops Unilever From Advertiser Lawsuit

Social media platform X drops Unilever from lawsuit against advertisers after reaching agreement on 'safety…

14 hours ago

US Lawmakers Seek Answers From Telcos Over China Hack

US Congressional Representatives ask for answers from AT&T, Verizon, Lumen Technologies after wiretap networks reportedly…

15 hours ago

Northvolt In Talks For 200m Euros In Short-Term Funding

Swedish EV battery start-up Northvolt in talks for 200m euros in short-term funding as it…

15 hours ago

US Labour Board Accuses Apple Of Slack Restrictions

US labour officials say Apple illegally restricted employees' right to discuss workplace issues on Slack…

16 hours ago