At least around ten million Android devices have been infected by Chinese malware called “HummingBad”. This was reported by the security company Check Point, which in February this year identified the malware; it targets Android and installs a rootkit that gains root access on the mobile device.
Although it was discovered in February, according to Check Point the HummingBad Android malware has long been in the top 10 of attacks, showing that hackers see Android mobile devices as a weak point in company security and as potentially high-yield targets.
What makes HummingBad particularly interesting is the group that created the malware: according to Check Point, it is a team of developers at Yingmob, a legitimate advertising analytics agency based in Beijing.
“Yingmob,” writes Check Point, “has numerous teams who develop legitimate platforms for the tracking of ads.”
“The team in charge of the malicious components is the ‘Team for Overseas Development Platform’, a group that includes four groups for a total of 25 employees.” “Infection” with HummingBad takes place when certain websites are visited, with the aim of gaining root privileges. Apparently the malware earns an average of $300,000 per month, using mechanisms that force the download of particular apps and clicks on certain ads. What makes HummingBad particularly dangerous is that it installs a persistent rootkit on the device, as well as fraudulent applications that, with a few changes, could potentially trigger other malicious activity, such as installing a key logger, stealing credentials, or bypassing the email encryption systems used by companies.
The majority of the victims are residents of China and India (some 1.6 and 1.3 million “infected” devices); they are followed by users of Android devices in the Philippines, Indonesia and Turkey. In the United States, 288,800 cases are reported to have been detected; in the UK and Australia, 100,000 “infected devices”.
The full report, with technical details about the malware, can be downloaded from this address in PDF format.