Tuesday, 5 July 2016

10 million Android devices allegedly affected by Android malware

So, for all of us Android users, the alert has gone out to watch for a potential Android malware infection. Apparently, ten million Android devices have been infected by malware called "HummingBad", according to Check Point. The cyber security firm said it discovered the malware in February, and has been tracking it ever since.

Why is this bad? By all indications, the most dangerous part of the malware is the people behind it: a team of developers at Yingmob, an otherwise legitimate, multi-million dollar advertising analytics agency based in Beijing.

"Yingmob has several teams developing legitimate tracking and ad platforms," the report alleges. "The team responsible for developing the malicious components is the 'Development Team for Overseas Platform' which includes four groups with a total of 25 employees."

"The malware installs a piece of software called a rootkit onto infected Android devices, giving the cyber criminals admin-level access to smartphones." 

This access is used to generate fraudulent advertising revenue -- apparently up to $300,000 per month -- through the forced downloading of apps and clicking of ads. But it's not just fake ad revenue at stake here, as the group is able to sell access to phones or give away information held on them. Check Point estimates that over 85 million smartphones have the group's apps installed on them, but only up to 25 percent of these include malicious software.
The bulk of victims are in China and India, with 1.6 million and 1.35 million cases respectively. The Philippines, Indonesia and Turkey are towards the top of the list, too, while the US has 288,800 infected devices. The UK and Australia each have fewer than 100,000 devices affected. The verdict is still out on the rest of the world, but we are willing to bet that places such as the Caribbean are probably very badly affected, as most of the phones are imported from China.

Malware has done considerable damage to mobile platforms over the past year. Apple, previously known for being virus and malware-proof, has been hit by multiple attacks, including some perpetrated by the same group behind "HummingBad", according to Check Point. 

200 different apps are used to spread HummingBad. Check Point notes that HummingBad establishes a persistent rootkit on infected Android devices to produce fraudulent ad revenue, and installs over 50,000 additional fraudulent apps per day to increase revenue for the fraudster. Since August 2015, Yingmob has used nearly 200 different apps to distribute the HummingBad Android malware.

Meanwhile, a Russian hacker last month used malware to steal the data of millions of Twitter users. Neither Yingmob nor Google immediately responded to requests for comment, according to reports.