At least 10 million Android devices have been infected by malware called HummingBad, according to cybersecurity software maker Check Point.
The group behind the malware is a team of developers at Yingmob, according to Check Point. Based in Beijing, Yingmob is a multimillion-dollar advertising analytics agency that is an otherwise legitimate business.
Videos by PopCulture.com
On Friday, Israel-based company Check Point stated in an analysis regarding the situation, “Yingmob has several teams developing legitimate tracking and ad platforms. The team responsible for developing the malicious components is the ‘Development Team for Overseas Platform’ which includes four groups with a total of 25 employees.”
The HummingBad malware first began as a “drive-by download attack,” which infected people’s phones upon visiting certain websites. Now HummingBad has been able to do even more damage through this most recent development in the malware. “The first component attempts to gain root access on a device with…rootkit [software] that exploits multiple vulnerabilities. If successful, attackers gain full access to a device,” Check point mentioned. “If rooting fails, a second component uses a fake system update notification, tricking users into granting HummingBad system-level permissions.”
Through the forced downloading of apps and clicking of ads, the cybercriminals are able to access the cell phone user’s device and is able to generate fraudulent advertising revenue, apparently up to $300,000 per month according to CNET. Not only can cybercriminals hack Android users phones, but they can also access the information stored in the phone. Check Point estimates that nearly 85 million phones have the group’s apps installed, but only a small fraction of the phones have been infected by the malicious software.
Most the victims are located in China and India, with 1.6 million and 1.35 million cases respectively. CNET also reports that the US has around 288,800 infected devices.
If you are an Android user, you may want to make sure that your device is not infected with the malicious software HummingBad.