A new blog post published by CheckPoint has surfaced claims of new Android malware called HummingBad infecting 85 million different devices which puts personal data at risk. This new virus also seems to install different pieces of malware alongside it to begin taking over the devices. Multiple ads sold by the Chinese company who is in control of this bug are also making their way to the affected devices and generating around $4 million every year.
It’s reported that HummingBad’s full group is made up of 25 employees who constantly are working to bring more ads to infected Android devices. So far, more than 20 million ads have appeared every single day with more to come on the same basis. And as per CheckPoint, it seems that this groups focus is simply generating revenue rather the need for personal information. Obviously, with any malware your data is at risk, however at least we know that’s not what they’re targeting.
An excerpt from CheckPoint’s blog post explains how HummingBad is going about installing this malware on millions of Android devices.
The group tries to root thousands of devices every day and is successful in hundreds of attempts. With these devices, a group can create a botnet, carry out targeted attacks on businesses or government agencies, and even sell the access to other cybercriminals on the black market. Any data on these devices is at risk, including enterprise data on those devices that serve dual personal and work purposes for end users …
The majority of devices infected with HummingBad’s software are located in China and India, however over a quarter of a million Android-powered gadgets in the US have been discovered to be bug infested as well. And with 50,000 different applications sent from HummingBad being installed on a variety of Android devices regardless of which version they’re running, these numbers are bound to continue growing.
As of now, there’s no definitive solution to getting rid of HummingBad’s software. However, the best word of advice we can give you is to make sure you can only install apps via the Play Store by going into Settings > Security on your device and unchecking “Unknown sources” if you have it enabled. If you don’t perform this action, you’ll remain vunerable for HummingBad to install mystery software you’re not aware of without any authorization required. Also, be careful about where you download data to your device as downloading from unknown websites can create an open doorway for malware to leak into your system.