HummingBad Malware Infects 85 Million Android Devices - InformationWeek

7/9/2016
11:05 AM

HummingBad Malware Infects 85 Million Android Devices

A group of Chinese hackers dubbed Yingmob is using a sophisticated malware campaign called HummingBad to access and sell the info stored on Android devices. The malware may have already infected 85 million devices.

The security vulnerabilities of Google's open source mobile operating system Android are well known, and a report from security specialist Check Point reveals the platform's security issues may be intensifying.

The report tracked a group of hackers called Yingmob in China that controls an arsenal of more than 85 million mobile devices around the world. The group has the potential to sell access to these devices to the highest bidder. The report found that the group is able to generate about $300,000 in revenue each week through malicious ads.

In February, Check Point researchers first discovered HummingBad, malware that establishes a persistent rootkit on Android devices, generates fraudulent ad revenue, and installs additional fraudulent apps.

The HummingBad campaign runs alongside a legitimate advertising analytics business, sharing its technology and resources. It also allows the group to create a botnet, carry out targeted attacks on businesses or government agencies, or sell the access to other cyber-criminals on the black market.

(Image: juniorbeep/iStockphoto)

"Accessing these devices and their sensitive data creates a new and steady stream of revenue for cybercriminals," the report warned. "Emboldened by financial and technological independence, their skillsets will advance -- putting end users, enterprises, and government agencies at risk."

The 24-page report revealed that any data on these devices is at risk, including enterprise data on those devices that serve dual personal and work purposes for end-users.

It's not only the number of devices affected, it's also the level of sophistication behind the campaign that security professionals found disconcerting.

The report explained that HummingBad uses a sophisticated, multi-stage attack chain with two main components, the first of which attempts to gain root access on a device with a rootkit that exploits multiple vulnerabilities.

If successful, attackers gain full access to a device, but if rooting fails, a second component uses a fake system update notification that tricks users into granting HummingBad system-level permissions.

"Yingmob may be the first group to have its high degree of organization and financial self-sufficiency exposed to the public, but it certainly won't be the last," the report concluded. "Check Point believes this dangerous trend will escalate as other groups learn from Yingmob and find new ways to achieve the independence they need to launch larger and more sophisticated attack campaigns in the future."

Google just released the largest set of Android security updates in its history. It issued a bulletin containing details of security vulnerabilities affecting Android devices -- but the security issues facing the platform persist.

Trend Micro reported on June 21 that the mobile malware named GODLESS can target any Android device running Android 5.1 (Lollipop) or earlier. The company reported that the malware has affected more than 850,000 devices worldwide and can even be found in prominent app stores such as Google Play.

Soon after, Cheetah Mobile estimated that a Chinese hacking organization was making $500,000 a day via a Trojan dubbed Hummer. Calling it the most prolific Trojan in history, the company reported that during the first half of 2016 alone, Hummer infected nearly 1.4 million devices worldwide. In China alone there were 63,000 infections a day.

Android is not the only platform suffering from security issues.

Based on findings in its third Mobile Threat Intelligence Report, Skycure discovered that in large enterprises 3% of all iOS devices have malware installed, though almost twice as many Android devices are likely to be infected.

Nathan Eddy is a freelance writer for InformationWeek. He has written for Popular Mechanics, Sales & Marketing Management Magazine, FierceMarkets, and CRN, among others. In 2012 he made his first documentary film, The Absent Column. He currently lives in Berlin.

tjgkg,
User Rank: Ninja
8/8/2016 | 5:25:43 PM
Re: Nice try...
Yes that is correct. I do think that Android is tightening things up now. While I like the Apple model better, that is a personal choice. But it is great to at least have a choice as opposed to one size fits all.
vnewman2,
User Rank: Ninja
7/15/2016 | 2:15:28 PM
Re: Nice try...
There's a lesson to be learned here that mirrors the society we live in today.  There's a price for freedom.  Android users have lots of freedom at the expense of security.  It is just a trade-off.
tjgkg,
User Rank: Ninja
7/12/2016 | 9:58:23 AM
Re: Nice try...
Well said. I got off the Android platform about 18 months ago. I actually used their clunky data encryption scheme but found it to be time consuming and it slowed the device down. iOS seems to do a better job with encryption. In fact I think iOS is getting better in all these areas while Android is going backwards. As you say with all the updates they have made recently they are catching up instead of being proactive.
tjgkg,
User Rank: Ninja
7/12/2016 | 9:49:36 AM
Re: Nice try...
Absolutely correct. And as people store their entire lives on these devices and do all their banking and other important business on them, security has to remain at the forefront. To laugh off 85 million devices is totally irresponsible.
tjgkg,
User Rank: Ninja
7/12/2016 | 9:47:35 AM
Re: Nice try...
What kind of a response is that? You think that 85 million is a small number to be ignored? It's only going to get worse. And that will apply to all devices whether they are jailbroken or not. Android has serious issues with their security. I'm sure iOS has some issues too but they seem to keep things under control a lot better. People should not have to suffer because Android cannot secure its devices.
hho927,
User Rank: Ninja
7/11/2016 | 1:20:55 PM
Re: Nice try...
LOL

just ignore it -> doesn't make it go away.

85 mil can be used to steal stuff, spread malware, or send spam. The possibilities are endless.
hho927,
User Rank: Ninja
7/11/2016 | 1:17:32 PM
Re: Nice try...
Google was playing catch-up by trying to get many apps ASAP.

Many malware slipped through.

Google now is cleaning up. But app control is still not that tight.

Also Android is based on Java. Java has a bad reputation for security. Ironically, Java was built for security.
melgross,
User Rank: Ninja
7/10/2016 | 11:21:02 AM
Re: Nice try...
You don't get it. This is just one of many. The fact that this is about 85 million, and likely higher, is a major problem, but with all the others, there is likely at least twice that number in the field. And it isn't true that if you stay in Google Play you're safe. It's been shown numerous times over the years that there are thousands of malicious apps there too, and that Google's methods of finding them are essentially useless. And with the vast number of Android devices out there unable to use device encryption, they are seriously vulnerable.
Vitalyg149,
User Rank: Strategist
7/9/2016 | 4:45:53 PM
Nice try...
Nice try phanboy. There are over a billion Android devices out there, 85 million is less than 1%. Most of the people who have malware are using hacked devices or some version of unofficial app store...