Check Point researchers report that a cybercrime gang called Yingmob is using the HummingBad malware to exploit millions of Android devices around the world:
Yingmob uses HummingBad to control 10 million devices globally and generate $300,000 per month in fraudulent ad revenue. This steady stream of cash, coupled with a focused organizational structure, proves cyber criminals can easily become financially self-sufficient.
Emboldened by this independence, Yingmob and groups like it can focus on honing their skill sets to take malware campaigns in entirely new directions, a trend Check Point researchers believe will escalate. For example, groups can pool device resources to create powerful botnets, they can create databases of devices to conduct highly-targeted attacks, or they can build new streams of revenue by selling access to devices under their control to the highest bidder.
While HummingBad is currently being used for ad click fraud, there is a danger that it could be used for other, more malicious attacks in future.
Keeping your version of Android up to date with the latest security patches makes it harder for criminals to get a foothold on your device, as does installing apps only from the official Google Play store.
There’s a real problem with many Android phones – and that is that they don’t receive security updates. Google updates the Android operating system, and *some* manufacturers (Google, Samsung, etc) roll the updates out to their customers – but many don’t. And that means there are many, many Android phones out there which are running out-of-date versions of the operating system, with security holes that have been known about for months, if not years.
It’s a very different story on iOS, where Apple has a much higher level of control – and has had a far higher degree of success at getting users to update their devices.
Some don’t like the high level of control Apple exerts over its users and devices, but the numbers don’t lie. There are millions of examples of Android malware, and barely a handful for iOS.
It sounds as if most of the HummingBad infections have been taking place in China and India, where use of alternative app markets is more common.
There’s a good executive non-technical summary of the situation by Dan Tynan in The Guardian.