HummingBad: Chinese malware

[2016-07-06]

 EXPERTS estimate more than 10 million Android devices around the world have been infected by malware linked to a Chinese company.

Cybersecurity specialist Check Point has been tracking the malware, called HummingBad, since its discovery in February and claims there has been a spike in infected devices.

In a new report, Check Point said the malware was a multistage attack chain with two main components, which first infected Androids when people visited certain websites.

“The first component attempts to gain root access on a device with a rootkit [software] that exploits multiple vulnerabilities. If successful, attackers gain full access to a device,” the report read.

“If rooting fails, a second component uses a fake system update notification, tricking users into granting HummingBad system-level permissions.”

According to Check Point, an otherwise legitimate mobile advertising analytics agency based in Beijing known as Yingmob is responsible for the malware.

“Yingmob has several teams developing legitimate tracking and ad platforms. The team responsible for developing the malicious components is the ‘Development Team for Overseas Platform’, which includes four groups with a total of 25 employees,” the report read.

The cybersecurity firm’s analysis detailed how Yingmob was using the malware to generate fraudulent advertising revenue through the forced downloading of apps and clicking of ads, which was making the company as much as $A402,000 per month.

“Yingmob may be the first group to have its high degree of organisation and financial self-sufficiency exposed to the public, but it certainly won’t be the last,” the report read.

 

The good news is there are likely fewer than 100,000 infected devices in Australia.

HOW TO FIND OUT IF YOU ARE INFECTED?

Thankfully, the malicious software is now well known to cybersecurity experts and can be easily detected by any decent protective phone software.

Options include Check Point’s Zone Alarm, 360 Security’s Antivirus Boost, Avira Antivirus Security and a plethora of others.

Running antivirus software will quickly detect and notify the user of bad actors on their device.

WHAT TO DO IF YOU ARE INFECTED?

Although fewer than 100,000 devices are infected in Australia, the malware is cause for concern and should be removed.

Thankfully, there are a couple of methods to achieve this.

The first requires the painstaking task of finding the source of the malware and manually removing it.

The other, slightly annoying, option is performing a factory reset of the phone, which is guaranteed to be much quicker for those who are not experts in malicious mobile apps.