“HummingBad,” a new Android malware, has infected more than 10 million devices

There is a new form of Android malware on the loose, and it is wreaking havoc. According to a detailed report from mobile security firm Check Point, HummingBad, a sophisticated bit of malicious code that emerged in February, has already managed to infect more than 10 million Android devices across the globe.

It is not your everyday, run-of-the-mill malware. HummingBad is the product of what Check Point describes as a group of “highly organized … Chinese cyber criminals” that is working alongside multimillion-dollar Beijing analytics company Yingmob. It has serious developer muscle behind it: the HummingBad division, which bears the innocuous title “Development Team for Overseas Platform,” staffs 25 developers split into “four separate groups,” each responsible for maintaining the malware’s individual components. And Yingmob shares resources, including servers and the software certificates necessary to perform app installations, with HummingBad.

HummingBad infects primarily through “drive-by download,” or by installing itself on devices that visit infected webpages and sites. Its code, which is obfuscated by encryption, attempts to install itself on a given device persistently by multiple means.

The first, a “silent operation” that occurs in the background, is triggered every time the device boots up and its screen turns on. HummingBad then checks to see if the device’s user account is “rooted” — i.e., has administrative privileges that can bypass security checks — and, if it is, it grants itself unfettered access to files and folders. Failing that, the malware attempts to root the device itself by running “multiple exploits” until it finds one that works.

But HummingBad has a Plan B, too: social engineering. The app pops open a window about an imminent “system update,” which, in reality, is malicious code. If an unwitting victim permits the bogus “upgrade,” HummingBad connects to a remote server to download and launch additional applications. One nasty possibility? A keylogger that could “capture credentials and even bypass encrypted email containers used by enterprises,” wrote Check Point.

The driving force behind HummingBad’s development is profit, Check Point reported. Yingmob is currently generating $300,000 per month — $4 million per year — in fraudulent ad revenue. But the group, if it chose, could decide to pursue a far more nefarious purpose: the sale of personal data on infected devices.

HummingBad has gained its largest footholds in Asian markets. More than 1.6 million of the infected devices reside in China and another 1.35 million in India. That compares to 288,800 in the US. Collectively, Yingmob’s suite of malware now reaches 85 million phones and tablets and is now autonomously installing more than 50,000 apps a day, according to Check Point.

Google has yet to issue guidance regarding the detection and removal of HummingBad. We will update this story if it does.

Kyle Wiggers
Former Digital Trends Contributor