Latest Posts

Finding Houses For Your New Property Business

Last time we looked at Market studies, one of the subjects to be researched turned into houses that might be present to be had...

The screen recording software that is available nowadays runs the gamut between the most basic of recorders to advanced tools with lots of options....

Bill Shorten rebukes Stephen Conroy over attack on governor general

Bill Shorten has rebuked a senior member of his team for making remarks critical of the governor-general. On Monday morning, Stephen Conroy accused Sir...

No Brexit general election if Boris Johnson wins Tory leadership

It is understood that Boris Johnson would not call a general election immediately if he won the Conservative party leadership election and took over...

HummingBad Android malware: who did it, why, and is your device infected?

Researchers revealed that a Chinese advertising company had created one of the most pernicious pieces of Android malware yet. They estimated it had infected 10m Android handsets worldwide. Dubbed “HummingBad” by researchers at the security firm Check Point, it’s one of the biggest attacks to date on Android – the world’s most popular mobile operating system, which runs on more than 80% of all smartphones as well as tablets.

3232

HummingBad malware infects 10m Android devices.

While this attack isn’t catastrophic, it opens the door for future attacks that could be, say, security experts. Researchers haven’t been able to say which Android handsets are most susceptible but say that as many as 85m of the world’s Android devices are vulnerable.

Who did this, and why?

According to a report by Check Point, the main purpose of the HummingBad malware is to trick users into clicking on mobile and web ads, which generates advertising revenue for its parent company, Yingmob – a practice known as “click fraud.” It’s a lot like the browser toolbars designed to deliver ads to your computer a decade ago, says Dan Wiley, head of incident response for Check Point.

But HummingBad is far worse. Because the malware gains “root access” the Android – the very heart of your phone’s operating system – and then calls home to a server controlled by Yingmob, it could be used to do virtually anything the attacker wants it to do, from spying on your personal information to stealing your bank login details.

Even if the malware creators only use it for click fraud, they could decide to sell the rootkit on the internet’s black market, says Wiley. “It’s an extreme nuisance, with the potential to turn into a really nasty event,” he adds.

It’s like a burglar who finds a secret passage into your home, sprays graffiti on your walls, and eats all the food in the fridge. Later he could come back to ransack your house and steal all your money or share knowledge of the secret passage with someone who will.

“Rooting an Android device is not an inherently evil practice,” notes Andrew Brandt, director of threat research for security firm Blue Coat Systems. “Many people root their own phones to control the behavior of their mobile devices more tightly. But rooting done without the knowledge and consent of the owner of the device is an inherently hostile act.”

How did it get so bad?

According to Wiley, most people probably got infected because they installed a less-than-hygienic app from a third-party Android store or website. Check Point, he adds, did not find any of the malware-infested apps on Google Play, the primary source of Android apps for most US consumers. Other people may have visited a dodgy website, which prompted them to install a piece of software containing a hidden payload. And once installed, the malware invited even more of its nasty friends to the party, downloading additional payloads.

The vast majority of the 10m infected handsets reside in China and India, indicating third-party app stores – far more popular overseas – as the most likely sources. But around 250,000 are based in the US, so it could be people traveling from Asia to the US or simply people who ignore Android’s default settings and allow app installs from third-party sites, Wiley explains.

Latest Posts

Finding Houses For Your New Property Business

Last time we looked at Market studies, one of the subjects to be researched turned into houses that might be present to be had...

The screen recording software that is available nowadays runs the gamut between the most basic of recorders to advanced tools with lots of options....

Bill Shorten rebukes Stephen Conroy over attack on governor general

Bill Shorten has rebuked a senior member of his team for making remarks critical of the governor-general. On Monday morning, Stephen Conroy accused Sir...

No Brexit general election if Boris Johnson wins Tory leadership

It is understood that Boris Johnson would not call a general election immediately if he won the Conservative party leadership election and took over...

Don't Miss

Trains, buses and automobiles

Londoners have a tempestuous relationship with transport, and Ken Livingstone will be an outlet for their anger or gratitude come May 1. Whatever you...

The Automobile Club of Egypt by Alaa al-Aswany review – a country on the brink of violent change

In the days before Egyptian President Hosni Mubarak was ousted in February 2011, Alaa al-Aswany, dentist, novelist, and founder member of the democratic movement...

5 Places to Visit that will make you fall in love with Utah

Utah is the apple-of-the-eye of outdoor freaks, with more than 80% of the state set aside for public use. This means lots and lots...

West Indies book final with Australia after Proteas collapse

Australia will face West Indies in an ODI tri-series final after South Africa meekly surrendered to the hosts by 100 runs in Barbados. In...

The MLB prospect chasing a T20 dream: ‘I’m going all in with cricket’

As far as cultural adjustments go, the traffic jams in Bangalore grabbed the attention of Boomer Collins. Born in the open spaces of Dallas,...

Stay in touch

To be updated with all the latest news, offers and special announcements.