And the next Android trojan is – HummingBad

HummingBad is more than a comment on your musical ability – it has infected more than 10 million Android devices in the past few months.

What makes this worse is that it is run like a business, employing 25 staff in China, and there is no sign it will stop developing more malicious components. The business generates about US$300,000 per month in fraudulent advertising click revenue, and potentially more from the sale of personally identifiable information on the smartphone.

For five months, Check Point mobile threat researchers had unprecedented access to the inner workings of Yingmob, the group of Chinese cyber criminals behind the HummingBad malware campaign. Yingmob also provides legitimate advertising analytics products and is suspected to be behind the iOS malware called YiSpecter.

HummingBad is malware that establishes a persistent rootkit on Android devices, generates fraudulent ad revenue, and installs additional fraudulent apps.

Check Point says that until now HummingBad has been more of a nuisance. But because the malware installs a rootkit on the device, if the cybercriminals decide to change their objectives it could be used to cause severe damage, including installing a keylogger, capturing credentials and even bypassing encrypted email containers used by enterprises.

HummingBad comes via infected apps – side-loaded, as is the custom in many countries – and its components are encrypted within the app, making it much harder for security solutions to detect. Each attack vector consists of several stages, including decrypting and unpacking the actual malicious code.

It may also come in the form of an operating system update message. It has reached Australia and other countries via the Asian community that is more willing to side-load and avoid Google Play.

It also initiates a silent attack vector – you don’t see the impact on the device or data allowances.

Check Point has updated its Android anti-virus and malware protection to identify it. This report comes just days after the discovery of the Hummer Trojan, which seems to operate on similar lines.

As it is a rootkit, a typical reset and wipe may not work and users may have to re-flash their phones.


Ray Shaw

Ray Shaw (ray@im.com.au) has had a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!