(control of the operating system) A cybersecurity software firm is warning Android users that at least 10 million devices have likely been infected by a malware called HummingBad. The number of infected devices has spiked since mid-May, according to cybersecurity software maker Check Point, which recently released a detailed analysis of the growing threat.
Keep Your Guard Up
Check Point says HummingBad allows hackers to gain access to a phone and then generate up to $300,000 per month in fraudulent advertising revenue, which is generated by forced downloads of apps and clicking on ads. The hackers are also selling access to the phones to others.
“The first component [of the threat] attempts to gain root access (control of the operating system) on a device with … rootkit [software] that exploits multiple vulnerabilities. If successful, attackers gain full access to a device,” Check Point says. “If rooting fails, a second component uses a fake system update notification, tricking users into granting HummingBad system-level permissions.”
Check Point estimates that more than 85 million smartphones could be at risk of having the HummingBad apps installed, but only a fraction of that include the malicious software, CNET reports.
Source: “10 Million Android Devices Reportedly Infected with Chinese Malware,” CNET (July 5, 2016) and “Android Malware Making $300,000 Per Month in Fraudulent Ad Revenue, 10M Devices Infected,” TechSpot (July 5, 2016)