Check Point, a cybersecurity software maker, estimates that at least 10 million Android devices have been infected by the HummingBad malware since it was seen last February. The malware generates US$300,000 a month of ad revenue for the hacking group.
The cybersecurity company has been monitoring the malware for months; infections rose steadily until they spiked by mid-May. Check Point was also able to establish that a group called Yingmob, composed of Chinese cyber criminals, was responsible for it. The group installed a rootkit app on Android devices that generated fraudulent ad revenue for them. In the process, the app also allowed them to install more deceitful apps, as the cybersecurity firm explained in a blog post.
Additionally, with control of around 10 million devices globally, Yingmob is said to be generating around US$300,000 a month from these unscrupulous ads.
The company stated, “Yingmob runs alongside a legitimate Chinese advertising analytics company, sharing its resources and technology. The group is highly organized with 25 employees that staff four separate groups responsible for developing HummingBad’s malicious components.”
Another cybersecurity firm discovered that Yingmob was also responsible for an iOS malware, Yispecter, while Check Point was able to establish that Yingmob is connected to a China-based analytics research company that shares its technology and resources with the scalawag group. Check Point was also able to conclude the following:
Yispecter uses Yingmob’s enterprise certificates to install itself on devices
HummingBad and Yispecter share C&C server addresses
HummingBad repositories contain QVOD documentation, an iOS porn player targeted by Yispecter
Both install fraudulent apps to gain revenue
CNBC reported that China alone has some 1.6 million infected devices, India has more than 1.3 million, the Philippines has 520,000 and Indonesia has close to 500,000 infections. The Guardian added that there are around 250,000 infected devices in the United States.
Security experts are advising Android users to check their downloaded apps and see if there are applications that they did not install themselves. If such apps are discovered, users are advised to reset their smartphones to factory settings. Users are also advised to download apps from legitimate sites, such as Google Play.