And the next Android trojan is – HummingBad

HummingBad is more than a comment on your musical ability – it has infected more than 10 million Android devices in the past few months.

What makes this worse is that it is run like a business, employing 25 staff in China, and there is no sign it will stop developing more malicious components. The business generates about US$300,000 per month in fraudulent advertising click revenue and, potentially, from the sale of personally identifiable information on the smartphone.

For five months, Check Point Mobile threat researchers had unprecedented access to the inner workings of Yingmob, a group of Chinese cyber criminals behind the HummingBad malware campaign. Yingmob also provides legitimate advertising analytics products and is suspected to be behind the iOS malware called Yispecter.

HummingBad is malware that establishes a persistent rootkit on Android devices, generates fraudulent ad revenue, and installs additional fraudulent apps.

Check Point says that until now HummingBad has been more of a nuisance. But because the malware installs a rootkit on the device, if the cybercriminals decide to change their objectives it could be used to cause severe damage, including installing a keylogger, capturing credentials and even bypassing encrypted email containers used by enterprises.

HummingBad comes via infected apps – side-loaded, as is the custom in many countries – and its components are encrypted within the app, making it much harder for security solutions to detect. Each attack vector consists of several stages, including decrypting and unpacking the actual malicious code.

It may also come in the form of an operating system update message. It has reached Australia and other countries via the Asian community that is more willing to side-load and avoid Google Play.

It also initiates a silent attack vector – you don’t see the impact on the device or data allowances.

Check Point has updated its Android anti-virus and malware protection to identify it. This report comes just days after the discovery of the Hummer Trojan, which seems to operate along similar lines.

As it is a rootkit, a typical reset and wipe may not work and users may have to re-flash their phones.

Ray Shaw

Ray Shaw (ray@im.com.au) has had a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT-based radio program on ABC radio for 10 years, has developed world-leading software for the events industry and is smart enough to no longer own a retail computer store!