HummingBad was discovered by a cyber security software firm named Check Point and it’s a malware created by people who work at Yingmob, an important Chinese company that deals with advertising analytics. The developers have managed to infect over ten million Android phones and to produce up to $300,000 a month in ad revenue
There’s a new bad boy around and its name is HummingBad. Once it gets inside an Android device, this malware obtains root access using rootkit and if it fails to do that, it has a plan B: it tries to trick the owner to give it system-level permissions, by sending fake update notifications. If the user falls into the trap, he’s giving the malware free hand to do whatever it wants with the device.
This is where chaos begins. The malware starts clicking on ads and downloads applications that bring money into its “pocket”. Every month, HummingBad is capable of generating up to $300,000 and this money is also gathered from sold information that’s stored on devices.
Check Point has reported that 85 million people have installed Yingmob’s applications on their devices, but the percentage of phones infected with the malicious software is much smaller. The counties with the most infected devices are China (1.6 million) and India (1.35 million), while in the U.S., there are only 288,800 victims.
Check Point has discovered the malware in February and it kept monitoring it since then. HummingBad’s developers are part of Yingmob’s “Development Team for Overseas Platform”, and the team has in total 25 members. “Yingmob may be the first group to have its high degree of organization and financial self-sufficiency exposed to the public, but it certainly won’t be the last,” said Check Point. Both Yingmob and Google have been contacted for an official statement, but none of the companies has responded to requests.