• Defenx Blog

    HummingBad Malware Returns Worse Than Ever Before

    According to the security firm Check Point, a new piece of malware called HummingBad has infected more than 10m Android devices. HummingBad has been reported to take complete control of tablets and smartphones, steal user information such as bank account passwords, email accounts and anything else needed for identity theft, and sell that information. The researchers also indicated in their report that HummingBad can automatically tap on unwanted adverts and download fraudulent applications.

    Check Point Mobile Threat Prevention researchers revealed that they had been tracking HummingBad continuously since its emergence in February 2016, and that the malware hit the ten million mark in May.

    The smartphone virus was embedded in more than twenty applications on Google Play. When an unsuspecting user downloads one of these applications, the malware infects the Android device in a so-called drive-by download. HummingBad uses cutting-edge techniques that allow it to persistently attempt to gain control of the underlying Android system, and it uses root access to obtain full access to the device. HummingBad then tests whether the device is rooted. If the malware fails to gain root access, it displays a fake update notification that prompts the user to give away almost full control of the device.

    Based on the evidence collected, Check Point established that if the malware infection is successful, attackers gain full control of the Android device immediately. If the rooting process fails, a contingency plan is initiated: a fake system update notification tricks the user into granting the virus system-level authorization. The notification asks the user to authorise a system update, which in fact gives the malware full control of the system.

    “At this point, HummingBad will download and install APKs generating fraudulent Google Play advertisement revenue,” said Check Point. The malware then taps on advertisements to create false advertising revenue without the user’s knowledge. The attacker could then sell the user’s information or, even worse, sell access to the device.

    According to Check Point Mobile Threat Prevention, 1.6m of the infected devices were in China, 1.35m in India, 100,000 in Australia and the UK, and the rest across the world.

    Check Point then notified the Google Security Team. Later, the Google team said: “We’ve long been aware of the ever-changing family of malware, and we’re persistently improving our systems that detect it. We diligently block installations of infected apps to keep users and their information safe.”

    Ever since the debut of smartphones, malware targeting iOS and Android systems, which make up a majority of smartphones across the world, has increased exponentially in volume and effectiveness. Both Android and Apple are trying to stay ahead of the game, but Apple is doing a better job due to its implicit control of both software and hardware. Whenever a new version of iOS emerges, users are advised to upgrade to the latest version, which is usually more secure. Android devices not controlled by Google, on the other hand, can take years to update to the latest version.

    Since HummingBad emerged, the Android maker has taken extra security measures such as separating security patches from the rest of the system. Such features allow frequent security updates on a monthly basis for Pixel and Nexus devices. Third-party Android manufacturers such as LG and Samsung are following Google’s lead and are implementing more effective security patches.