The headlines are alarming: More than 10 million Android devices worldwide have been infected with a form of Chinese malware that not only steals and sells information from the devices, but installs more malware and clicks on ads as part of a scheme that’s earning hackers more than $300,000 per month in revenues.
Known as Hummingbad, this latest malware has already infected nearly 300,000 devices in the U.S., and continues to spread. What makes this particular infection so dangerous is that with little more than a single visit to an infected website, the malware installs itself and gains root access to your phone within minutes. In layman’s terms, this means that it won’t take long for the hackers to have full access to everything on your phone, including your contacts, banking information, and access to any applications you have installed.
The good news is that Hummingbad is a known entity now, and most security solutions for Android devices can detect and block the malware — but only if you have one installed. While installing such protection for your device is the best way to prevent Hummingbad and other malware from infecting your mobile device, it’s also important to understand exactly how the malware works so you can avoid it and take action if your phone is infected.
A Malicious Drive-By Download
Hummingbad is a form of malware known as a drive-by download attack. Essentially, all a user needs to do is visit an infected site — which might be an otherwise legitimate site that has been infected with the malware- and the malware will install on the device. Once the malware takes hold, which it does by exploiting a security weakness in the device operating system, it then attempts to take over the device using root access.
In some cases, the operating system denies the malware root access. In that case, the user is then tricked into giving the malware the access it wants by sending a fake system update alert. Once the user installs the “update,” the malware takes over and begins transmitting data to the hackers.
What makes this particular brand of malware so frightening is its potential for damage. One of the malware’s signatures was a download of a malicious app fro
m the Chinese company Yingmob. More than 50 of the company’s 200 applications were discovered to be malicious, focused on generating ad clicks, displaying ads, and downloading more malicious apps.
Even more concerning was that the remainder of the company’s apps had the potential to be made into malicious apps; with just a few clicks, developers could have turned all of the company’s apps — which have been downloaded onto more than 85 million Android devices worldwide — into malicious apps with the potential to steal identities and more.
Fighting Back Against Hummingbad
Again, because Hummingbad is now a known entity, most security applications have been updated to block the malware. These security apps can also detect whether or not your device has already been infected. If that’s the case, the best solution is usually a factory reset of the device. That has not worked for everyone, though, and some users have been forced to replace their devices. In either case, if you determine that your device is infected, you need to take precautions to protect your personal information, including changing passwords and investing in identity monitoring.
If you have not been infected, your best defense is a mobile security solution. It’s also important to update all operating system updates issued by your device manufacturer as soon as they are released. In many cases, those who were infected by Hummingbad were running older versions of Android and did not have the latest security protections.
Be cautious about the websites that you visit with your mobile device as well. While even popular sites can be infected, it’s less likely than when you visit sites that are lesser known or associated with common hacker activity. Never download apps from unknown sources, and scan all apps with security software before installing.
While Hummingbad is certainly cause for concern, it’s unlikely to cause widespread identity theft or data breaches now that it is a known threat. When you use the right security tools and caution, chances are it will never even come close to your mobile device.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.