HummingBad Malware Infects Some 10 Million Android Devices - How to Mitigate?

At least 10 million Android devices have been infected by malware called HummingBad, according to cybersecurity software maker Check Point. Check Point, which has been tracking the malware since it was "Yingmob has several teams developing legitimate tracking and ad platforms," Israel-based Check Point said in the analysis released Friday. "The team responsible for developing the malicious components is the 'Development Team for Overseas Platform' which includes four groups with a total of 25 employees." HummingBad began as a "drive-by download attack," in which phones were infected when people visited websites. "The first component attempts to gain root access on a device with...rootkit [software] that exploits multiple vulnerabilities. If successful, attackers gain full access to a device," Check Point said. "If rooting fails, a second component uses a fake system update notification, tricking users into granting HummingBad system-level permissions." The bulk of victims are in China and India, with 1.6 million and 1.35 million cases respectively. The Philippines, Indonesia and Turkey are toward the top of the list, too. The US has 288,800 infected devices. The UK and Australia each have fewer than 100,000 devices affected. has published an analysis  of the threat. For months, the number of infections were steady but they spiked sharply in mid-May. What makes HummingBad particularly interesting is the group behind it, which according to Check Point is a team of developers at YingMob, an otherwise legitimate, multimillion-dollar advertising analytics agency based in Beijing. Which tactics can be used to mitigate HummingBad? Share your solution with the Cloud and Cyber Security Center.