Hummingbad malware takes control of 10 million Android devices

Malware sells user data, generates fake ad revenue, and recruits devices for botnets

New malware dubbed Hummingbad has infected 10 million Android devices around the world, and 100,000 in the UK alone.

Hummingbad takes over smartphones' and tablets' Android operating systems, according to security firm Check Point, and can sell on users' data or generate $300,000 in fake advertising revenue each month.

Hackers can also use the malware to recruit people's devices into giant botnets that target businesses and government agencies, or sell this access on the black market, warned Check Point, which first discovered Hummingbad in February.

Advertisement - Article continues below

Additionally, the cyber criminals can sell any user data they deem valuable, such as work data stored on Android devices.

Check Point warned in its report on the malware: "Accessing these devices and their sensitive data creates a new and steady steady stream of revenue for cybercriminals. Emboldened by financial and technological independence, their skillsets will advance putting end users, enterprises, and government agencies at risk."

Hummingbad is the work of Chinese hackers, according to Check Point, and is launched alongside authentic analytics and ad platforms, targeting users in a "drive-by download attack" consisting of two components.

The first relies on an Android user browsing a site containing the malware, which attempts to take full control of the device through "root access".

Advertisement
Advertisement - Article continues below

If this is unsuccessful, Check Point explained, the user receives fake system update notifications that try to trick them into granting Hummingbad system-level permissions.

China has the most infected devices, at 1.60 million, while India has 1.35 million the US has 286,800 infected Android devices, and the UK around 100,000.

Check Point warned: "Without the ability to detect and stop suspicious behavior, these millions of Android devices and the data on them remain exposed today."

IT Pro has approached Google, Android's creator, for comment.

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement

Recommended

Visit/security/cyber-security/355210/cyber-criminals-torn-over-how-to-adapt-to-post-coronavirus-threat
cyber security

Hackers torn over how to adapt their tactics to the coronavirus pandemic

3 Apr 2020

Most Popular

Visit/development/application-programming-interface-api/355192/apple-buys-dark-sky-weather-app-and-leaves
application programming interface (API)

Apple buys Dark Sky weather app and leaves Android users in the cold

1 Apr 2020
Visit/mobile/mobile-phones/355239/microsofts-patent-design-reveals-a-mobile-device-with-a-third-screen
Mobile Phones

Microsoft patents a mobile device with a third screen

6 Apr 2020
Visit/data-insights/data-management/355170/oracle-cloud-courses-are-free-during-coronavirus-lockdown
data management

Oracle cloud courses are free during coronavirus lockdown

31 Mar 2020