New ‘HummingBad’ malware affects over 85 million users Worldwide
Researchers at Check Point revealed that a cybercrime group has control over as many as 85 million devices, generating $300,000 per month in fraudulent ad revenue for the company.
The malware is called HummingBad, according to a security analysis from security software maker Check Point.
The malware installs a piece of software onto infected Android devices that gives cybercriminals administrative-level access, which is used to generate fraudulent advertising revenue through forced app downloading and ad clicking, CNET reported.
A new report details how one Chinese company is making $300,000 per month by taking over Android devices and creating phony advertising revenue on a massive scale. But the group, if it chose, could decide to pursue a far more nefarious objective: the sale of personal data on infected devices.
The malware consists of a persistent rootkit, which the hackers install on Android devices. The majority of victims are from China, Taiwan, India and the Philippines, but there are hundreds of thousands of infected devices in the US, Russia, Mexico and Turkey as well.
Have clear policies in place for corporate- and employee-owned devices, which should include mandates to only install applications from the Google Play Store, keep all default system security settings in place, disallow suspicious permission requests from apps, avoid rooting the device, and keep the operating system up to date.
According to Check Point, the Israeli cyber security software company that exposed it, the malware was created to simulate or force “clicks” on ads in your smartphone browser.
Devices in China and India have been hit the worst by the cyber attack, where a combined total of almost 3 million devices were compromised, the report says. In the US, that number is 288,800 units.
“Yingmob’s apparent self-sufficiency and organizational structure make it well-positioned to expand into new business ventures,” researchers wrote in Check Point’s report, “including productizing the access to the 85 million Android devices it controls.”
But this report looks only at the Android side; Yingmob has also been linked to malware on iOS.
For the infected, “The scary part is that there is a backdoor that now can be utilized by any other cybercriminal group” that might partner with Yingmob and piggyback on their work, said Shaulov.