Android malware from Chinese ad firm infects 10 million devices

Researchers say Yingmob is a malware kingpin doubling as a legit company.

The Android malware Hummingbad has infected 10 million devices so far, but what's most interesting is where it comes from. The security firm Check Point first discovered it in February, and its researchers have tied it to Yingmob, a highly organized Chinese advertising and analytics company that looks like your typical humdrum ad firm. Once it successfully infects Android devices and sets up a rootkit on them (giving it full administrative control), Hummingbad generates as much as $300,000 a month through fraudulent app installs and ad clicks. As Check Point describes it, Hummingbad is an example of how malware companies can support themselves independently.

"Emboldened by this independence, Yingmob and groups like it can focus on honing their skill sets to take malware campaigns in entirely new directions, a trend Check Point researchers believe will escalate," the researchers say. "For example, groups can pool device resources to create powerful botnets, they can create databases of devices to conduct highly-targeted attacks, or they can build new streams of revenue by selling access to devices under their control to the highest bidder."

On top of its Hummingbad victims, Yingmob controls around 85 million devices globally. Naturally, the company is also able to sell access to the infected devices, along with sensitive information. And while its attack is global, most victims are in China and India, with 1.6 million and 1.3 million infected users, respectively. iPhone users aren't safe from Yingmob either -- researchers have also found that the group is behind the Yispecter iOS malware (which was quickly blocked by Apple).

Android anti-malware apps like Lookout and Avast can detect Hummingbad infections, and they can prevent you from installing malicious software that could get you infected. But unless you have some hardcore cybersecurity skills, your only solution for fixing an infected device is to completely reset and restore it.

Update: A Google representative offered up the following statement about Yingmob: "We've long been aware of this evolving family of malware and we're constantly improving our systems that detect it. We actively block installations of infected apps to keep users and their information safe."
