1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

Android malware making $300,000 per month in fraudulent ad revenue, 10M devices infected

By Jos ยท 11 replies
Jul 5, 2016
Post New Reply
  1. Another day another Android malware report. This time cybersecurity software maker Check Point reports that at least 10 million devices have been infected by a new malware dubbed HummingBad that’s netting its Beijing-based creators up to $300,000 in monthly revenue through the forced downloading of apps and clicking of ads.

    Curiously, the company behind the attack is said to also run a legitimate advertising analytics business. According to the report (PDF), Yingmob has several teams developing tracking and ad platforms, while the malicious component was developed by the 'Development Team for Overseas Platform' which includes four groups with a total of 25 employees.

    HummingBad uses a “drive-by-download” attack in which phones are infected when visiting a malicious website. It first tries to gain root access by exploiting multiple known Android vulnerabilities. If rooting fails a second component uses a fake system update notification to trick users into granting system-level permissions.

    Once a phone is infected HummingBad will generate fraudulent ad revenue and install additional fraudulent apps. Check Point believes the group behind the attack can further escalate the attack by pooling resources from over 10 million devices to create powerful botnets, conduct highly-targeted attacks, or build new streams of revenue by selling access to devices under their control to the highest bidder.

    The bulk of infected devices are in China, India, Philippines, Indonesia, Turkey and Brazil. The US is eighth on the list with 288,800 infected devices. As many as 90% of those infected are running either Kitkat or Jelly Bean versions of Android, with Lollipop, Ice Cream Sandwich and Marshmallow making up the remaining 10%.

    Permalink to story.

  2. bexwhitt

    bexwhitt TS Evangelist Posts: 414   +128

    If you are talking about $300,000 per month for the whole world, it's really chump change with a big sensualist title to a blog post.
    veLa likes this.
  3. Sancticide

    Sancticide TS Enthusiast Posts: 44   +18

    I would say its significant given that most infected devices are in China, India, and Philippines. I mean, a 10 million node botnet is nothing to sneeze at, if it's true. Even Conficker never got half that big.
  4. captaincranky

    captaincranky TechSpot Addict Posts: 15,072   +4,080

    Are you sure you meant "sensualist"? Because a malware article isn't the context where one normally encounters that particular term. http://www.merriam-webster.com/dictionary/sensualism

    My personal feeling is that one should know how to read and/or spell before one starts slamming the staff writers.

    Besides, 300 grand a month wouldn't be, as you say, "chump change, if it were coming out of your pocket, now would it?
  5. atcapistrano

    atcapistrano TS Member Posts: 30

    Under android task manager, how to detect for these fraudulent apps?
    James38 likes this.
  6. Timonius

    Timonius TS Evangelist Posts: 648   +58

    Is this because J and K are less secure? It might have been helpful then if both Google and especially the carriers made an upgrade to L or even M more readily available. I know hardware might be an issue, but that is why today's updated OSes need to be able to support older hardware.
  7. Sonyboyj

    Sonyboyj TS Rookie

    It mainly has to do with Jellybean and Kitkat having the largest user base not alot of phones have M.

    Its called a anti-virus ppl use one. I'm very careful for Avast has stopped a trojan that I got from a pop-up that auto downloaded a apk to my tablet. But of course I wasnt gonna install the damn app anyway
  8. Sonyboyj

    Sonyboyj TS Rookie

    Apps you get from outside the playstore are more likely to be malicious. I recommend you install a AV on your phone
    Sancticide likes this.
  9. DAOWAce

    DAOWAce TS Booster Posts: 292   +42

    I recommend you don't have a phone.
  10. Sonyboyj

    Sonyboyj TS Rookie

    How so. nothing wrong with a AV
  11. DAOWAce

    DAOWAce TS Booster Posts: 292   +42

    But there's everything wrong with phones.
  12. captaincranky

    captaincranky TechSpot Addict Posts: 15,072   +4,080

    I'm a Windows baby, right? So I go out and buy a tablet, pull it out of the box, and it doesn't, and will not do s***, without going to , "the app store". Jiminy Crickets, at least with Windows, you can still look at and import pictures without installing anything.

    And worst of all, Android, (AFAIK), won't give you access by command line. Now that's when an OS becomes a true OS! When you can type stuff in and tell it what to do, and it listens, then does it(y) IE: "fixmbr"

    Meh, maybe I'll surrender to iHerd one of these days and get a "smartphone"! Like right after I can get one with a CD/DVD ..drive.;)*nerd*

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...