Skip to main content
  1. Home
  2. Phones
  3. Android
  4. Mobile
  5. News

“HummingBad,” a new Android malware, has infected more than 10 million devices

Add as a preferred source on Google

There is a new form of Android malware on the loose, and it is wreaking havoc. According to a detailed report from mobile security firm Check Point, HummingBad, a sophisticated bit of malicious code that emerged in February, has already managed to infect more than 10 million Android devices across the globe.

It is not your everyday, run-of-the-mill malware. HummingBad is the product of what Check Point describes as a group of “highly organized … Chinese cyber criminals that is working alongside multimillion-dollar Beijing analytics company Yingmob. It has serious developer muscle behind it: the HummingBad division, which bears the innocuous title “Development Team for Overseas Platform,” staffs 25 developers split into “four separate groups,” each responsible for maintaining the malware’s individual components. And Yingmob shares resources, including servers and the software certificates necessary to perform app installations, with HummingBad.

Recommended Videos

HummingBad infects primarily through “drive-by download,” or by installing itself on devices that visit infected webpages and sites. Its code, which is obfuscated by encryption, attempts to install itself on a given device persistently by multiple means.

The first, a “silent operation” that occurs in the background, is triggered every time the device boots up and its screen turns on. Hummingbird then checks to see if the device’s user account is “rooted” — i.e., has administrative privileges that can bypass security checks — and, if it is, it grants itself unfettered access to files and folders. Failing that, the malware attempts to root the device itself by running “multiple exploits” until it finds one that works.

But HummingBad has a Plan B, too: social engineering. The app pops open a window about an imminent “system update, which, in reality, is malicious code. If an unwitting victim permits the bogus “upgrade,” HummingBad connects to a remote server to download and launch additional applications. One nasty possibility? A keylogger that could “capture credentials and even bypass encrypted email containers used by enterprises,” wrote Check Point.

The driving force behind HummingBad’s development is profit, Check Point reported. Yingmob is currently generating $300,000 per month — $4 million per year — in fraudulent ad revenue. But the group, if it chose, could decide to pursue a far more nefarious purpose: the sale of personal data on infected devices.

HummingBad has gained its largest footholds in Asian markets. More than 1.6 million of the infected devices reside in China and another 1.35 million in India. That compares to 288,800 in the US. Collectively, Yingmob’s suite of malware now reaches 85 million phones and tablets and is now autonomously installing more than 50,000 apps a day, according to Checkpoint.

Google has yet to issue guidance regarding the detection and removal of HummingBad. We will update this story if it does.

Kyle Wiggers
Kyle Wiggers is a writer, Web designer, and podcaster with an acute interest in all things tech. When not reviewing gadgets…
Apple raises iPhone prices by up to 11% in Japan
Apple adjusts Japanese iPhone pricing after the yen hits a 40-year low
Apple iPhone 17 Pro in Cosmic Orange next to the iPhone 17 Pro Max in Deep Blue

Apple has raised the price of every iPhone currently sold through its online store in Japan. The increase covers the iPhone 16, iPhone 17e, iPhone 17, iPhone Air, iPhone 17 Pro, and iPhone 17 Pro Max, with prices climbing by as much as 11.3%.

The change arrives only a month after Apple raised Mac and iPad prices worldwide due to the ongoing memory crunch. This increase, however, appears to have more to do with the falling value of the Japanese yen.

Read more
Samsung Galaxy Z Flip 8: Everything we know about the upcoming clamshell folding phone
Of the three phones expected to arrive at Galaxy Unpacked, the Flip 8 is shaping up to be the most underwhelming.
Three Galaxy Z Flip 7 models next to each other

The Fold 8 Ultra could get a sharper display, a more powerful chipset, a new camera, and a larger battery. Samsung’s purported wider foldable, the Fold 8, is expected to solve the most common problem with tall-body, narrow cover screens by adopting a new aspect ratio. The Flip 8, on the other hand, could only debut with a new chip, and not a Snapdragon one. 

The Flip 7 wasn’t a bad clamshell by any measure. However, it's been one year, and the memory crisis has already hit the smartphone market hard. In a tricky cost-to-margin situation, the Flip 8 could end up getting a price hike without any major improvements, and that might not sit well with potential buyers.

Read more
Google Contacts borrows a handy iPhone trick to make sharing your number easier
google-contacts-app

Google is rolling out a small but useful update to the Contacts app on Android that makes it much easier to find and share your own contact details. Instead of digging through settings or creating a separate contact for yourself, you'll now see a dedicated 'Your Info' card at the very top of your contacts list.

The feature gives you quick access to your phone number, email addresses, and other personal details while also adding a faster way to share them with others. The update is arriving with Google Contacts version 4.83.13.940538822 and is rolling out widely (via 9to5Google).

Read more