Android users warned of HummingBad malware, as millions of devices infected

Check Point researchers report that a cybercrime gang called Yingmob is using the HummingBad malware to exploit millions of Android devices around the world:

Yingmob uses HummingBad to control 10 million devices globally and generate $300,000 per month in fraudulent ad revenue. This steady stream of cash, coupled with a focused organizational structure, proves cyber criminals can easily become financially self-sufficient.

Emboldened by this independence, Yingmob and groups like it can focus on honing their skill sets to take malware campaigns in entirely new directions, a trend Check Point researchers believe will escalate. For example, groups can pool device resources to create powerful botnets, they can create databases of devices to conduct highly-targeted attacks, or they can build new streams of revenue by selling access to devices under their control to the highest bidder.

While HummingBad is currently being used for ad click fraud, there is a danger that it could be used for other, more malicious attacks in future.

Keeping your version of Android up-to-date with the latest security patches helps to make it harder for the criminals to get a foothold on your device, as does not installing apps from anywhere other than the official Google Play store.

There’s a real problem with many Android phones – and that is that they don’t receive security updates. Google updates the Android operating system, and *some* manufacturers (Google, Samsung, etc.) roll the updates out to their customers – but many don’t. And that means there are many, many Android phones out there which are running out-of-date versions of the operating system, with security holes that have been known about for months, if not years.

It’s a very different story on iOS, where Apple has a much higher level of control – and has had a far higher degree of success at getting users to update their devices.

Some don’t like the high level of control Apple exerts over its users and devices, but the numbers don’t lie. There are millions of examples of Android malware, and barely a handful for iOS.

It sounds as if most of the HummingBad infections have been taking place in China and India, where use of alternative app markets is more common.

There’s a good executive non-technical summary of the situation by Dan Tynan in The Guardian.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.
