Cybersecurity experts Check Point have estimated that more than 10 million Android devices worldwide have been infected by Chinese malware.
Check Point discovered the malware called HummingBad in February, and have seen a considerable spike in infected devices since.
The malware is a multistage attack chain with two main components. It first infects Android devices when certain websites are visited. Once on a device, it generates fraudulent ad revenue and installs additional fraudulent apps.
Check Point have discovered that an otherwise legitimate, Chinese mobile advertising analytics agency known as Yingmob is responsible for the malware.
“Yingmob has several teams developing legitimate tracking and ad platforms. The team responsible for developing the malicious components is the ‘Development Team for Overseas Platform’ which includes four groups with a total of 25 employees,” the report read.
“This group created a malware that takes over Android devices and generates $300,000 (USD) per month in fraudulent ad revenue.”
Check Point state that financial gain is just the tip of the iceberg:
- The group tries to root thousands of devices every day and is successful in hundreds of attempts
- With these devices, a group can create a botnet, carry out targeted attacks on businesses or government agencies, and even sell the access to other cybercriminals on the black market
- Any data on these devices is at risk, including enterprise data on those devices that serve dual personal and work purposes for end users
At the moment it’s estimated that fewer than 100,000 devices are infected in Australia. While this is good news, there is potential for that number to get much higher.
Am I infected?
Most anti-virus software will be able to easily detect the malware, so make sure you’re protected by a reputable anti-virus.
My phone’s infected, what now?
You could painstakingly remove it, said Dan Wiley, head of incident response at Check Point, if you're a cybersecurity black-belt with a speciality in malicious mobile apps. If not, it’s recommended you back up your files and contacts, write down your favourite apps, and then factory reset your phone.
How can I stop this from happening again?
With this particular type of malware it can be difficult to prevent infection from ever happening again, but there are a few good-practice steps that can help.
Make sure you have a reputable anti-virus on your device that can detect malware. The tools for catching HummingBad on mobile phones are now public information, so most services will be able to detect the app running on your phone.
Finally, never download apps from untrusted sources. Only download applications from trusted sources like Google Play or the App Store. While these apps are never 100% safe, they have at least gone through vetting from Google and Apple.
The rise of malicious apps such as HummingBad highlights the need to always have a Plan B to protect your data. Yingmob showed that a small group of criminals could launch a widespread attack to create a large network of infected phones called "bots." These bots have the ability to generate targeted attacks against governments or businesses since infected phones are at the mercy of criminals.