Researchers from security firm Check Point have released a report on Hummingbad, a new malware that has infected about 10 million Android devices worldwide.
The malware, which first emerged in February, is capable of establishing a persistent rootkit in Android-powered smartphones and tablets. This allows Hummingbad to install fraudulent apps and generate fraudulent advertising revenue for the company behind it.
You read that right. Hummingbad is actually making money for the company behind it, specifically a Chinese group that goes by the name YingMob. The malware is supported by a legitimate advertising analytics business that shares resources and technology with Hummingbad.
YingMob is said to be the same company behind YiSpecter, another piece of malware, found in the last quarter of 2015, that targeted iPhones and iPads.
YingMob has seemingly found success with their implementation of Hummingbad, as the malware-based campaign has generated a monthly revenue of $300,000 for the company, which is equivalent to nearly $4 million per year.
Hummingbad primarily infects devices through what are known as drive-by download attacks, which push the malware onto smartphones and tablets when users access malicious websites, most often adult-oriented ones.
Once downloaded, the malware attempts to gain root access to the device through a rootkit that tries to exploit several known vulnerabilities. If that is not successful, the malware will then display a fake notification for a system update, which is meant to trick users into granting Hummingbad the permissions it needs.
Afterwards, Hummingbad tries to download as many malicious apps as it can onto the device. The apps cause advertising banners to appear on the Android smartphone or tablet, and each attempt to close the advertisements registers as a click, generating revenue for YingMob.
According to Check Point, most of the devices that have been infected by Hummingbad are found in Asia, with China and India having the largest number of compromised devices. Nevertheless, it would be a good idea to check if your Android devices have been infected by the malware.
To find out if an Android device has been compromised with Hummingbad, users can choose to download a variety of security software for smartphones and tablets, including the Zone Alarm app by Check Point. Since tools that can detect Hummingbad have already been released publicly, Zone Alarm and other security apps will be able to pick up the malware if it is present on a device.
If a smartphone or tablet is revealed to be infected, the only way to delete the malware from the system is to do a factory reset on the device. This means users will have to go through the painstaking process of backing up the content on their phone, such as their contacts and other files, and then restoring it after the reset is completed.
To prevent Hummingbad and most malware from infecting an Android smartphone, the best advice is to avoid downloading apps from untrusted sources and unofficial app stores. While most Android users in the United States download their apps through Google's Play Store, the habit of downloading apps from other sources is becoming more prevalent, especially in other countries.