Click to Skip Ad
Closing in...

New Android malware has already infected 10 million devices worldwide

Updated Nov 22nd, 2019 4:28AM EST

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

Another day, another report of Android malware wreaking havoc across the world. Earlier this month, security researchers from Check Point published a report on a newly discovered piece of malware called HummingBad that has reportedly infected as many as 10 million devices worldwide.

According to the report, the malware is being run by a Chinese group called YingMob which leverages the malware to install fraudulent apps and generate fraudulent ad revenue. “The group is highly organized,” Check Point notes, “with 25 employees that staff four separate groups responsible for developing HummingBad’s malicious components.” What’s more, the group appears to be extremely successful, with revenue from their malicious undertaking reportedly bringing in as much as $300,000 per month. As it stands now, most affected devices happen to be located in China and in India.

DON’T MISS: Foxconn spy shot reveals new iPhone 7 details no one saw coming

As for how the malware operates and manages to gain access to a particular device, the report notes that HummingBad began as a “drive-by download attack” wherein the malware was pushed down to a device when users visited malicious sites, often adult-oriented websites.

HummingBad uses a sophisticated, multi-stage attack chain with two main components. The first component attempts to gain root access on a device with a rootkit that exploits multiple vulnerabilities. If successful, attackers gain full access to a device. If rooting fails, a second component uses a fake system update notification, tricking users into granting HummingBad system-level permissions.

Irrespective of whether rooting is successful, HummingBad downloads as many fraudulent apps to the device as possible. The malicious apps in the HummingBad campaign are made of a mix of several malicious components, many of which have variations with the same functionality. In some cases, the malicious components are dynamically downloaded onto a device after the infected app is installed.

When installed, the malware results in ad banners popping on user devices with a “close” button that in reality registers as a click on the ad in question. Notably, the appearance of an ad banner cannot be dismissed until a click is registered.

The distribution of the malware worldwide can be seen below.

hummingbad malware

As for a breakdown across varying versions of Android, KitKat users are the most widely affected.

hummingbad android os

Check Point’s full report on the HummingBad malware can be viewed via the source link below.

Yoni Heisler Contributing Writer

Yoni Heisler has been writing about Apple and the tech industry at large with over 15 years of experience. A life long expert Mac user and Apple expert, his writing has appeared in Edible Apple, Network World, MacLife, Macworld UK, and TUAW.

When not analyzing the latest happenings with Apple, Yoni enjoys catching Improv shows in Chicago, playing soccer, and cultivating new TV show addictions.