Skip to main content

“HummingBad,” a new Android malware, has infected more than 10 million devices

Mobile Malware
There is a new form of Android malware on the loose, and it is wreaking havoc. According to a detailed report from mobile security firm Check Point, HummingBad, a sophisticated bit of malicious code that emerged in February, has already managed to infect more than 10 million Android devices across the globe.

It is not your everyday, run-of-the-mill malware. HummingBad is the product of what Check Point describes as a group of “highly organized … Chinese cyber criminals that is working alongside multimillion-dollar Beijing analytics company Yingmob. It has serious developer muscle behind it: the HummingBad division, which bears the innocuous title “Development Team for Overseas Platform,” staffs 25 developers split into “four separate groups,” each responsible for maintaining the malware’s individual components. And Yingmob shares resources, including servers and the software certificates necessary to perform app installations, with HummingBad.

HummingBad infects primarily through “drive-by download,” or by installing itself on devices that visit infected webpages and sites. Its code, which is obfuscated by encryption, attempts to install itself on a given device persistently by multiple means.

The first, a “silent operation” that occurs in the background, is triggered every time the device boots up and its screen turns on. Hummingbird then checks to see if the device’s user account is “rooted” — i.e., has administrative privileges that can bypass security checks — and, if it is, it grants itself unfettered access to files and folders. Failing that, the malware attempts to root the device itself by running “multiple exploits” until it finds one that works.

But HummingBad has a Plan B, too: social engineering. The app pops open a window about an imminent “system update, which, in reality, is malicious code. If an unwitting victim permits the bogus “upgrade,” HummingBad connects to a remote server to download and launch additional applications. One nasty possibility? A keylogger that could “capture credentials and even bypass encrypted email containers used by enterprises,” wrote Check Point.

The driving force behind HummingBad’s development is profit, Check Point reported. Yingmob is currently generating $300,000 per month — $4 million per year — in fraudulent ad revenue. But the group, if it chose, could decide to pursue a far more nefarious purpose: the sale of personal data on infected devices.

HummingBad has gained its largest footholds in Asian markets. More than 1.6 million of the infected devices reside in China and another 1.35 million in India. That compares to 288,800 in the US. Collectively, Yingmob’s suite of malware now reaches 85 million phones and tablets and is now autonomously installing more than 50,000 apps a day, according to Checkpoint.

Google has yet to issue guidance regarding the detection and removal of HummingBad. We will update this story if it does.

Editors' Recommendations

Google Pixel Tablet: news, release date and price rumors, and more
The Google Pixel Table and the Speaker Dock.

After years of speculation, Google finally revealed the Pixel Tablet at its annual I/O conference in May 2022. Google was pretty vague at the reveal and has remained tight-lipped when it comes to giving official details about the upcoming tablet.

Luckily, there have been plenty of leaks and rumors about the Pixel Tablet that help paint a picture of what fans can expect when it finally launches later this year. Here's everything we know about the Google Pixel Tablet.
Google Pixel Tablet: design

Read more
A new Android 14 update is here — but you still shouldn’t download it
The Android 14 logo.

Google has released the second developer preview of Android 14, as the next major version of the operating system takes another step toward a full release. Like the first Android 14 developer preview, the clue as to who it’s for is in the name.

This early version is designed for developers to test new features and designs in their apps, and to explore how new tools in the software could help improve them. It’s not designed for everyday use by consumers -- that version will come later.

Read more
Android does this one thing so much better than iOS, and it drives me crazy
Individual volume control sliders on a Samsung Galaxy S23

I’ve long been an iPhone user and always will be — it's just what's in my blood. Even though I’ve been dipping my toes into various Android devices since I started here at Digital Trends, my primary device is still an iPhone 14 Pro. There are a few reasons behind this decision: I’m heavily vested in the Apple ecosystem already, I bought the 1TB model to not worry about storage, and some apps I use don’t have a good enough Android equivalent.

Despite my personal choice of using iOS primarily, the more time I spend with Android, the more I notice things that it does way better than Apple’s iOS. And one of those things is how Android handles volume controls compared to iOS’ rather rudimentary and infuriating system. It may sound like a small thing to home in on, but it's something I just can't overlook.
Apple’s iOS volume controls are badly outdated

Read more