Tried-and-true Triada supplants Hummingbad as top mobile malware

And the most prevalent malware family overall is….

David Bisson @DMBisson


Hummingbad is no longer the web’s “most wanted mobile malware.” That dubious honor goes to Triada.

Since February 2016, Check Point’s Threat Intelligence Research Team has ranked Hummingbad as the top mobile malware in its Global Threat Impact Index.

It’s understandable why they would. In part distributed by drive-by downloads off of adult websites, the complex Android rootkit helps criminals generate fraudulent ad revenue to fund their enterprises.


One gang called Yingmob had infected 10 million Android devices with Hummingbad as of July 2016. With that number of compromised devices, a criminal could expect to rake in $300,000 of ad revenue–per month!


But the winds have since changed course.

In its January 2017 report, Check Point named Triada as the chief mobile threat. No doubt they made their decision because of the modular backdoor’s ability to infect the Zygote process, a core process of the Android operating system. A module that enabled the malware to embed its DLL into the processes of four mobile browsers, thereby allowing attackers to intercept users’ web requests and send them to a web page of their choosing, no doubt also played a role.


Even so, Check Point found that mobile malware accounted for only nine percent of attacks on its January index. For that reason, neither Triada nor Hummingbad registered among the top malware threats, when including non-mobile devices. The most popular malware families typically used spam emails, downloaders, and other techniques to make the list.

Check Point’s researchers explain in a blog post:

“Globally, Kelihos was the most active malware family affecting 5% of organizations globally, followed by HackerDefender and Cryptowall in second and third place respectively both impacting 4.5% of companies.”


To protect against Kelihos, HackerDefender, Cryptowall, and the rest, users need to be on the lookout for suspicious links and email attachments. Organizations can supplement this effort by blocking users from visiting certain kinds of websites, including adult dating services, while connected to the enterprise network on their mobile devices.


David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Tripwire's "The State of Security" blog.