HummingBad Malware Infects 85 Million Android Devices

A malware program created by a highly organized Chinese hacking collective has gained control of 85 million Android devices, which the group is exploiting to the tune of $300,000 a month. The group, which researchers say is responsible for developing the HummingBad malware campaign, represents a dramatic increase in the organization and capabilities of hacking groups, according to security firm Check Point.

Dubbed Yingmob, the hacking group is also believed to be the brains behind the iOS malware campaign known as Yispecter. The group is highly organized and works alongside a legitimate Chinese advertising analytics company, according to Check Point, which uncovered the connection between Yingmob and HummingBad.

Sustainable Hacking

Check Point first discovered evidence of the HummingBad malware campaign in February. The malware consists of a persistent rootkit, which the hackers install on Android devices. The group then uses that rootkit to generate fraudulent ad revenue and install additional fraudulent apps. Yingmob has 25 employees organized into four different groups who are responsible for developing HummingBad?EU?s malicious components, according to Check Point researchers.

Yingmob?EU?s efforts have paid off. The group has been able to achieve self-sufficiency, proving that hacking groups can now generate enough income from their illegal activities to sustain themselves indefinitely. But financial gain is only the tip of the iceberg, according to the researchers.

The hackers try to root thousands of devices every day, and are able to successfully get its malware installed on devices hundreds of times each day. Yingmob can then use those devices to create a botnet, enabling the group to launch more targeted attacks against businesses and government agencies, or even sell the access it has gained on the black market.

Crime Has Never Paid So Well

All of which is very bad news for Internet security, Check Point said in its "From HummingBad to Worse"...

Comments are closed.