There has been a lot of buzz in the tech community recently about a particularly bad piece of Android malware called HummingBad. The malware infects Android phones when users accidentally download a malicious third-party app, or opt for an unverifiable download on a website which comes loaded with the HummingBad package.
Once HummingBad has infected the device, it establishes a persistent rootkit and takes over its native functions. According to Check Point, an I.T. security company, once HummingBad has infected a device it can install fraudulent apps and even generate false revenue by tricking users into clicking fake ads and links. Check Point estimated that HummingBad was able to yield cyber-criminals nearly $300,000 a month, through this process of click fraud.
The group effectively controls an arsenal of over 85 million mobile devices around the world. – Check Point
These types of click fraud campaigns are common, although often not as financially successful, and can present real issues when it comes to security. Rootkits are packets of malware that establish themselves at the core of the device, or “root,” and they are dangerous because they often hide their existence by maintaining the appearance of something that is not harmful.
Many people whose devices have been infected with this type of malware are entirely unaware that they are being victimized by a cyber-attack, while at the same time their information is being stolen and sold to the highest bidder.
According to Check Point, the dangers of these types of malware go beyond individual users. Malware packages like HummingBad could be used to target government agencies and businesses.
Emboldened by financial and technological independence, [cybercriminals’] skillsets will advance putting end users, enterprises, and government agencies at risk. – Check Point
According to Check Point, this malware attack was part of an elaborate scheme by the Chinese Yingmob, in which the malware was sending notifications to the Umeng tracking and analytics service. Devices have been infected world-wide, with the primary number of infected users in China.
Malware attacks like this that rely on click fraud and that are money-generating are certainly dangerous, but what is perhaps even more frightening is the potential that these rootkits, and the access to your device, has the potential to be sold. We are entering a time when access to certain peoples’ or companies’ device root is a highly valued black-market commodity.
“Check Point believes this dangerous trend will escalate as other groups learn from Yingmob and find new ways to achieve the independence they need to launch larger and more sophisticated attack campaigns in the future.” – Check Point
Regardless, taking the necessary precautions to ensure that a device does not become infected with malicious malware in the first place is the best step towards protection. Stay away from unverified third party apps, and make sure you know the source of files that you are downloading.