Malware affects over 85M Android devices; Philippine users among top 3

  • Millions of Android devices are affected by malware released by a Chinese firm
  • In the list of top 20 countries most affected by the malware, the Philippines ranks third
  • The malware is used to earn fraudulent ad revenue amounting to around $300,000 monthly

Over 85 million Android devices are currently infected and controlled by malware called HummingBad, which was released by a Chinese firm to earn fraudulent ad revenue.

Researchers stated that the malware earns about $300,000 monthly.

The software intelligence blog Check Point explained in a public post that the YingMob group released HummingBad.

Interestingly, YingMob is connected to a legitimate advertising firm that Check Point said shares technology and resources with the malware group. Check Point claims the firm is a Beijing-based multimillion-dollar advertising analytics agency.

“Yingmob has several teams developing legitimate tracking and ad platforms. The team responsible for developing the malicious components is the ‘Development Team for Overseas Platform’ which includes four groups with a total of 25 employees,” Israel-based Check Point said in its post.

The blog further explained that HummingBad “establishes a persistent rootkit on Android devices, generates fraudulent ad revenue, and installs additional fraudulent apps.”

The malware has rooting capabilities, which means that YingMob is able to create a botnet and carry out targeted attacks on organizations and government agencies. The group could also potentially sell access to the botnet to other cybercriminals. This puts the data on the infected devices at risk.

Almost 10 million users are using infected applications. In the list of the most affected countries posted by CNBC, the Philippines ranks third, with over 520,000 people using infected applications. The top two are China and India, each with over 1 million infections.

Dan Wiley, the head of the incident response team at Check Point, told The Guardian that most people got infected because they installed a “less-than hygienic” app from a third-party Android store. People must have visited a dubious website that prompted them to install a piece of software containing a hidden payload; once this is installed, the malware invites even more of its friends.