New major threat to Android devices: HummingBad malware

By July 22, 2016 Article, Security

A recent report released by the security firm Check Point shows that 10 million Android devices have become infected with HummingBad malware. This malware is capable of completely taking over a smartphone or tablet, allowing hackers to steal and sell the device owner’s information. The malware’s main functions seem to be downloading unauthorized apps and clicking on ads, which generate revenue—more than $300,000 per month!—for the attackers. According to Check Point, the source of HummingBad appears to be Yingmob, a Chinese cyber criminal organization that has the malware in a number of their apps.

The most common way for you to become infected is through a drive-by-download attack or by downloading an app from a third-party site (not Google Play). In this scenario, if you happen to end up on the wrong site, the malware will attempt to gain access to your device though the Android system, then use root access to take control. If that access method doesn’t work, the malware will try to trick you with a fake update notification that grants access once you click it. After one of these actions takes place, the hackers assume full control of your device, so they can then download apps or click on ads. The scariest part is that the hackers could sell access to your device or your personal information on it.

Luckily (if you want to call it that) for those of us here in the U.S., Check Point reports that of the 10 million users infected, only about 300,000 are here in the States. China and India lead the list with around 1.5 million infections each. Of course, those numbers may increase going forward.

All is not lost if you find out your device is infected though. There is a way to fix your device on your own, but you’ll probably not be thrilled to find out exactly how that’s achieved…

First you need to find out if you even have the malware. Unfortunately, if you use a computer or any kind of technology you’ve surely heard of malware; you’ve likely even experienced it. Fortunately though, today’s widespread attacks mean that there are now many solutions out there to aid you in detecting malware. Cyber security companies have taken notice of the trend in mobile malware and have created apps that help you detect if you have malicious software on your device. You can find these helpful apps on the Google Play store.

If you’ve detected malicious software, your next step is to remove it. I mentioned earlier that you could remove HummingBad on your own, but that you weren’t going to be thrilled with the method for doing so: Factory reset. Yes, unfortunately you will have to do a complete factory reset, but hey, at least your device will be safe again. It’s wise to back up your files and contacts before the reset of course, and then only re-install apps from trusted sources. In order to prevent this sort of thing from happening again, you’ll want to only download apps from trusted sources in the future.

Part of the reason the U.S. is lower on the list of infected countries is because more people download apps from the Google Play store, for which Google uses a process for checking the apps allowed in the store. In other countries, like China, third-party app sources are more widely accepted. Obviously downloading apps from the Google Play store isn’t an iron-clad approach that will keep you completely protected, but it will help.

If the seemingly constant barrage of new threats makes you worry, give us a call so we can help ensure your business is safe.