CHINA TOPIX

11/02/2024 11:25:02 am


Beware! This Chinese Malware has Been Infecting Millions of Android Devices


(Photo : Getty Images) Chinese malware HummingBad has infected at least 10 million Android phones.

At least 10 million Android devices have reportedly been infected by Chinese malware called HummingBad, cybersecurity software maker Check Point revealed on Friday.

Check Point has been tracking the malware since it was first discovered in February. It has now released an analysis of the threat, saying that infections held steady for months but increased sharply in mid-May.


HummingBad gives attackers administrative-level access to infected Android devices, which it uses to download apps and click ads without the user's permission. This allows the cybercriminals to generate fraudulent advertising revenue of up to $300,000 per month.

Initially, HummingBad works as a "drive-by download attack" that infects phones when people visit websites.

"The first component attempts to gain root access on a device with ... rootkit [software] that exploits multiple vulnerabilities. If successful, attackers gain full access to a device," the Israel-based cybersecurity firm said. "If rooting fails, a second component uses a fake system update notification, tricking users into granting HummingBad system-level permissions."

Android users in China and India are the usual targets of these attacks. Over 1 million cases have been reported so far from both nations. The United States, on the other hand, accounts for roughly 250,000 cases.

Interestingly, the group behind HummingBad is Yingmob, which is apparently a legitimate, Beijing-based, multimillion-dollar advertising analytics agency. "The team responsible for developing the malicious contents is the 'Development Team for Overseas Platform' which includes four groups with a total of 25 employees," Check Point revealed.

Meanwhile, a Google representative told TIME that "we've long been aware of this evolving family of malware and we're constantly improving our systems that detect it," adding that the company has been keeping users and their information safe by actively blocking installations of infected apps.

Yingmob, on the other hand, has refused to comment on the issue.
