Skip to main content
  1. Home
  2. Mobile
  3. News

“HummingBad,” a new Android malware, has infected more than 10 million devices

Kyle Wiggers
By

Mobile Malware
Image used with permission by copyright holder
There is a new form of Android malware on the loose, and it is wreaking havoc. According to a detailed report from mobile security firm Check Point, HummingBad, a sophisticated bit of malicious code that emerged in February, has already managed to infect more than 10 million Android devices across the globe.

It is not your everyday, run-of-the-mill malware. HummingBad is the product of what Check Point describes as a group of “highly organized … Chinese cyber criminals that is working alongside multimillion-dollar Beijing analytics company Yingmob. It has serious developer muscle behind it: the HummingBad division, which bears the innocuous title “Development Team for Overseas Platform,” staffs 25 developers split into “four separate groups,” each responsible for maintaining the malware’s individual components. And Yingmob shares resources, including servers and the software certificates necessary to perform app installations, with HummingBad.

Recommended Videos

HummingBad infects primarily through “drive-by download,” or by installing itself on devices that visit infected webpages and sites. Its code, which is obfuscated by encryption, attempts to install itself on a given device persistently by multiple means.

Related

The first, a “silent operation” that occurs in the background, is triggered every time the device boots up and its screen turns on. Hummingbird then checks to see if the device’s user account is “rooted” — i.e., has administrative privileges that can bypass security checks — and, if it is, it grants itself unfettered access to files and folders. Failing that, the malware attempts to root the device itself by running “multiple exploits” until it finds one that works.

But HummingBad has a Plan B, too: social engineering. The app pops open a window about an imminent “system update, which, in reality, is malicious code. If an unwitting victim permits the bogus “upgrade,” HummingBad connects to a remote server to download and launch additional applications. One nasty possibility? A keylogger that could “capture credentials and even bypass encrypted email containers used by enterprises,” wrote Check Point.

The driving force behind HummingBad’s development is profit, Check Point reported. Yingmob is currently generating $300,000 per month — $4 million per year — in fraudulent ad revenue. But the group, if it chose, could decide to pursue a far more nefarious purpose: the sale of personal data on infected devices.

HummingBad has gained its largest footholds in Asian markets. More than 1.6 million of the infected devices reside in China and another 1.35 million in India. That compares to 288,800 in the US. Collectively, Yingmob’s suite of malware now reaches 85 million phones and tablets and is now autonomously installing more than 50,000 apps a day, according to Checkpoint.

Google has yet to issue guidance regarding the detection and removal of HummingBad. We will update this story if it does.

Editors' Recommendations

Topics
Kyle Wiggers
Kyle Wiggers
Former Digital Trends Contributor
Kyle Wiggers is a writer, Web designer, and podcaster with an acute interest in all things tech. When not reviewing gadgets…
How to fix the ‘Not Registered on Network’ error on a Samsung Galaxy phone
Someone holding the Samsung Galaxy S24 Ultra and the Galaxy S23 Ultra.

Unlike our phones, the SIM cards that connect them to a network have barely evolved over the last decade or so. This can sometimes mean you'll have trouble connecting to a network, even when the phone and the SIM card are seemingly just fine. If you are using a Samsung Galaxy or another Android phone or tablet with cellular connectivity, you might see an error on your phone that says "Not Registered on Network."

Read more
How to create a Smart Playlist in Apple Music
Creating a Smart Playlist in Music on a MacBook.

If you own a Mac, one of the best ways to take advantage of the built-in Music app is with Smart Playlists. These are automated song libraries that will periodically update, based on criteria you select when building this special playlist. It’s totally free to make a Smart Playlist, and there’s no cap on how many you can have either.

Read more
Save $200 on this Android phone and get free Bose earbuds
Motorola Edge Plus (2023) lying on a bench.

For those who are looking to buy a new Android phone, you may want to go for this offer from Motorola -- the third-generation Motorola Edge Plus for only $600 following a $200 discount on its original price of $800, and it comes with the Bose QuietComfort Earbuds II, which are worth $299, for free. That's unbelievable value that will be tough to get from other phone deals, but you'll have to hurry with your purchase if you want to take advantage of this bargain because there's no telling when it ends.

Why you should buy the Motorola Edge Plus (2023)
We reviewed the third-generation Motorola Edge Plus, released just last year, as a worthy competitor to the Google Pixel 7 Pro and the Samsung Galaxy S23. The smartphone features a 6.7-inch curved OLED display with Full HD+ resolution and a 165Hz refresh rate, and it's protected by Corning Gorilla Glass Victus to prevent scratches from daily wear and tear. The Motorola Edge Plus is also pretty fast with its Qualcomm Snapdragon 8 Gen 2 processor and 8GB of RAM, and while it ships with Android 13, you can upgrade it to the latest Android 14 as soon as you unbox the device.

Read more