
Android Malware HummingBad

Old 07-05-16, 12:06 PM
  #1  
DVD Talk Legend
Thread Starter
 
 
Join Date: Jun 2000
Location: Bloomington, IN
Posts: 20,727
Android Malware HummingBad

Check Point has just reported that >10 Million Android devices have been infected with Chinese malware HummingBad, generating $300K in fraudulent ad revenue, and opening the door to data theft.

Targeted devices are currently primarily in the Far East (China, India, Philippines) running Jelly Bean or Kit Kat. But there are several known Marshmallow installs, and there's no reason to expect this won't go global.

Linky: http://betanews.com/2016/07/05/andro...nthly-revenue/
Direct Link to CP's Report: http://blog.checkpoint.com/wp-conten...INAL-62916.pdf

Android malware HummingBad generates $300,000 in monthly revenue

Check Point has published a report on the HummingBad malware campaign, finding that it generates $300,000 a month in fraudulent revenue with a pool of 85 million infected Android devices across the globe at its disposal. In a year attackers are looking at about $3.6 million in revenue, assuming the number of devices does not expand considerably.

The malware behind HummingBad is created by a group of Chinese hackers, who generate that kind of revenue by selling access to the infected devices to, basically, "the highest bidder". The malware is a persistent Android rootkit, which enables the attackers to install apps to serve advertisements.

Check Point estimates the number of malicious apps to be roughly 50, which have almost 10 million users in countries like China, India, and Philippines. The victims are primarily using KitKat (50 percent) or Jelly Bean (40 percent), while only one percent of them are on the latest-available version of Android, namely Marshmallow.

The security firm has connected HummingBad to a Chinese mobile ad server company, called Yingmob, which is also associated with iOS malware Yispecter. This operation features three projects in development with multiple product lines, which suggests that we are looking at a well-organized group.

There is even an address provided, which in my experience is unusual, which is Level 5, Xingdu Plaza, 73 Beiqu Rd., Yuzhong, Chongqing, China. That is where the so-called "Development Team for Overseas Platform", which is responsible for the development of the malicious components of Yingmob's malware business, can be found.

The interesting thing is that the HummingBad campaign shares the technology and resources of what is believed to be a legitimate advertising analytics business, which is what allows it to control so many Android devices. Check Point says that the group behind the campaign successfully roots hundreds of devices every day, out of thousands of attempts.

While it currently only does so for advertising purposes, it is possible to utilize that pool of infected devices to create a botnet to carry out a cyberattack, for instance. There is also the risk of data theft, which can open new revenue streams for the attackers.
kenbuzz is offline  
Old 07-05-16, 12:19 PM
  #2  
DVD Talk Legend
Thread Starter
 
 
Join Date: Jun 2000
Location: Bloomington, IN
Posts: 20,727
Re: Android Malware HummingBad

I just read the Check Point report (you should too - it's fascinating). It explains in detail how the code works. And it also reports that there are already more than a quarter-million infected devices in the US.
kenbuzz is offline  
Old 07-06-16, 03:34 PM
  #3  
DVD Talk Legend
 
Join Date: Nov 2000
Location: Lower Beaver, Iowa
Posts: 10,522
Re: Android Malware HummingBad

Ho-hum. Don't install apps from illegitimate third-world app stores and you should be fine.

http://www.gottabemobile.com/2016/07...-need-to-know/
Mr. Salty is offline  
