Chinese Malware Infects Over 10 Million Android Devices
A certain malware has infected more than 10 million Android smartphones, according to reports we gathered from Check Point, an internet security firm. The cyber security company first discovered the malware in February, though the infection wasn’t as widespread as it is currently.
HummingBad malware is developed by Yingmob, a Chinese cyber criminal group which seems to have an affiliation with a rather legitimate Chinese analytics company. The malware is said to have infected users majorly in India and China. The infection is already spreading to other parts of the world presently, and according to reports, Yingmob controls over 85 million devices though only 10 million are currently infected.
According to Check Point:
Yingmob has several teams developing legitimate tracking and ad platforms. The team responsible for developing the malicious components is the “Development Team for Overseas Platform” which includes four groups with a total of 25 employees.
This report explains that the malware would first take control of the device by gaining root access:
HummingBad uses a sophisticated, multi-stage attack chain with two main components. The first component attempts to gain root access on a device with a rootkit that exploits multiple vulnerabilities. If successful, attackers gain full access to a device. If rooting fails, a second component uses a fake system update notification, tricking users into granting HummingBad system-level permissions.
Though for now, all that Yingmob gets from this widespread attack is ad revenue which totally amounts to about $300,000 per month. Yingmob operates with sophistication, and they have already posed threats to iOS devices too in the past. Read the full report here.