HummingBad Android malware rips into 85 million devices worldwide – Inquirer

http://ift.tt/29eyyYB

Software bugs

Hackers from China are affecting Android worldwide

A GROUP OF Chinese hackers has created a malware campaign that affects 85 million Android devices and pulls in a quarterly criminal haul of $1m.

Security company Check Point has had its eye on the Yingmob gang for five months, describing it as sophisticated, well-staffed, rolling in cash, and a bit of a shit.

The tool of the trade is a piece of malware called HummingBad, and the group works alongside an official advertising analytics company, according to Check Point’s From HummingBad to Worse report (PDF).

“HummingBad is a malware Check Point discovered in February 2016 that establishes a persistent rootkit on Android devices, generates fraudulent ad revenue, and installs additional fraudulent apps,” Check Point explained in a blog post.

“Yingmob runs alongside a legitimate Chinese advertising analytics company, sharing its resources and technology. The group is highly organised with 25 employees that staff four separate groups responsible for developing HummingBad’s malicious components.”

The bounderware has parts that look and stink like the YiSpecter problem that went after Apple users and the iOS landscape and mostly affected people in China. Check Point said that this is no coincidence and that the source is the same, suggesting that the gang is happy to pee on its own doorstep.

“Yingmob uses HummingBad to generate $300,000 a month in fraudulent ad revenue. This steady stream of cash, coupled with a focused organisational structure, proves that cyber criminals can easily become financially self-sufficient,” added the firm.

“Emboldened by this independence, Yingmob and groups like it can focus on honing their skills. For example, groups can pool device resources to create powerful botnets, they can create databases of devices to conduct highly targeted attacks, or they can build new streams of revenue by selling access to devices under their control to the highest bidder.” µ

Threat Intel

via malware – Google News http://ift.tt/1VWoSr6

July 4, 2016 at 06:39AM

