Hummingbad Malware: Have you heard of it?

Rachiyta JainCyber Security

According to the Kaspersky labs, there are 315,000 new viruses being created daily. Adding to this figure, in February this year, researchers from CheckPoint software technologies identified a new malware and named it as the Hummingbad Malware. It is an adware, that establishes a persistent rootkit on android devices, generates fraudulent ad revenue and installs additional fraudulent apps. A persistent rootkit in simple terms would be an exclusive access to your device, meaning, the attacker can through this malware do anything, literally with your device. A rootkit can cause random image clicks or live front cam feed and even tweaking your smartphone’s processor settings.

How bad is the Hummingbad Malware?

According to CheckPoint, a market leader in security products, around 10 million devices are using such malicious apps loaded with the Hummingbad Malware. Victims are spread worldwide, with China (1,606,384) and India (1,352,772) taking the lead. The infection largely depends on the android version. KitKat(50%) is the most infected, followed by JellyBean(40%), Lollipop(7%), Ice Cream Sandwich (2%) and Marshmallow(1%).
The Chinese company who built the Hummingbad Malware is estimated to make $30,000 every month out of it. Each click gives the company $0.00125. The apps display more than 20 million advertisements per day while HummingBad installs more than 50,000 fraudulent apps per day increasing their revenue every day.

image

image

Pictures: CheckPoint’s report on Hummingbad

The fact that attackers can install an app onto your device without your knowledge would definitely freak out a lot of you, but that is not all. They can get complete control of your device and access anything like images, contacts, messages, camera snaps and much more.If you don’t want this to happen to you, here is what you can do to begin with.

-Stop downloading apps from untrusted sources, download only if the app is available on the Play Store.

-Update your device regularly and perhaps install an antivirus from a trusted source and not the free versions, easily available online. Avast Mobile security and Kaspersky antivirus are a few good options.

-Scan your device. If you find something suspicious, go for a factory reset. Painful? Of course, but staying protected is more important. However, it cannot protect you from persistent rootkits.

Special thanks to Mr. Vatsal Jain, for sending his post to us. I hope you enjoy reading it as much as we enjoy sharing it.