Android malware known as HummingBad has so far infected 85M devices, putting data at risk, installing further malware and displaying ads sold by the Chinese company controlling it. The claims appear in a blog post by CheckPoint, the security company that first detected the malware.
The group tries to root thousands of devices every day and is successful in hundreds of attempts. With these devices, a group can create a botnet, carry out targeted attacks on businesses or government agencies, and even sell the access to other cybercriminals on the black market. Any data on these devices is at risk, including enterprise data on those devices that serve dual personal and work purposes for end users …
The group behind HummingBad is said to be highly organised and have 25 employees working for it. While the main countries affected to date are China and India, there are currently more than a quarter of a million U.S. devices infected. The malware has been found on devices running all versions of Android.
CheckPoint says that so far the group’s focus appears to be on generating ad revenue, HummingBad apps displaying more than 20M ads per day and generating revenue of around $4M per year. However, the malware is also installing more than 50,000 apps a day, suggesting that infected devices could also be used as a botnet in other ways in future.
No information is yet available on how to remove HummingBad. As always, the safest course of action is to exercise care over the apps you install, sticking to the Google Play store and apps from known developers or which have a decent number of genuine-looking reviews.