“HummingBad,” a new Android malware, has infected more than 10 million devices

There is a new form of Android malware on the loose, and it is wreaking havoc. According to a detailed report from mobile security firm Check Point, HummingBad, a sophisticated bit of malicious code that emerged in February, has already managed to infect more than 10 million Android devices across the globe.

It is not your everyday, run-of-the-mill malware. HummingBad is the product of what Check Point describes as a group of “highly organized … Chinese cyber criminals” that is working alongside multimillion-dollar Beijing analytics company Yingmob. It has serious developer muscle behind it: the HummingBad division, which bears the innocuous title “Development Team for Overseas Platform,” staffs 25 developers split into “four separate groups,” each responsible for maintaining the malware’s individual components. And Yingmob shares resources, including servers and the software certificates necessary to perform app installations, with HummingBad.

HummingBad infects primarily through “drive-by download,” or by installing itself on devices that visit infected webpages and sites. Its code, which is obfuscated by encryption, attempts to install itself on a given device persistently by multiple means.

The first, a “silent operation” that occurs in the background, is triggered every time the device boots up and its screen turns on. HummingBad then checks to see if the device’s user account is “rooted” — i.e., has administrative privileges that can bypass security checks — and, if it is, it grants itself unfettered access to files and folders. Failing that, the malware attempts to root the device itself by running “multiple exploits” until it finds one that works.

But HummingBad has a Plan B, too: social engineering. The app pops open a window about an imminent “system update,” which, in reality, is malicious code. If an unwitting victim permits the bogus “upgrade,” HummingBad connects to a remote server to download and launch additional applications. One nasty possibility? A keylogger that could “capture credentials and even bypass encrypted email containers used by enterprises,” wrote Check Point.

The driving force behind HummingBad’s development is profit, Check Point reported. Yingmob is currently generating $300,000 per month — $4 million per year — in fraudulent ad revenue. But the group, if it chose, could decide to pursue a far more nefarious purpose: the sale of personal data on infected devices.

HummingBad has gained its largest footholds in Asian markets. More than 1.6 million of the infected devices reside in China and another 1.35 million in India. That compares to 288,800 in the US. Collectively, Yingmob’s suite of malware now reaches 85 million phones and tablets and is now autonomously installing more than 50,000 apps a day, according to Check Point.

Google has yet to issue guidance regarding the detection and removal of HummingBad. We will update this story if it does.

Former Digital Trends Contributor
Kyle Wiggers is a writer, Web designer, and podcaster with an acute interest in all things tech. When not reviewing gadgets…