At least 10 million Android devices have been infected by
malware called HummingBad, according to cybersecurity software maker
Check Point. Check Point, which has been tracking the malware since it was "Yingmob has several teams developing legitimate tracking and ad
platforms," Israel-based Check Point said in the analysis released
Friday. "The team responsible for developing the malicious components is
the 'Development Team for Overseas Platform' which includes four groups
with a total of 25 employees." HummingBad began as a "drive-by download attack," in which phones were infected when people visited websites. "The first component attempts to gain root access on a device
with...rootkit [software] that exploits multiple vulnerabilities. If
successful, attackers gain full access to a device," Check Point said.
"If rooting fails, a second component uses a fake system update
notification, tricking users into granting HummingBad system-level
permissions." The bulk of victims are in China and India, with 1.6 million and 1.35
million cases respectively. The Philippines, Indonesia and Turkey are
toward the top of the list, too. The US has 288,800 infected devices.
The UK and Australia each have fewer than 100,000 devices affected. has published an analysis
of the threat. For months, the number of infections were steady but
they spiked sharply in mid-May. What makes HummingBad particularly
interesting is the group behind
it, which according to Check Point is a team of developers at YingMob, an otherwise legitimate, multimillion-dollar advertising analytics agency based in Beijing. Which tactics can be used to mitigate HummingBad? Share your solution with the Cloud and Cyber Security Center.
No comments:
Post a Comment