Security firm warns of widespread Android malware threat

  • Share:
July 13, 2016

Subtitle: HummingBad now used to generate revenue but could have more sinister purposes

I read a report recently that, as an exercise, college students were able to extract personal information from Android cell phones that had gone through a Security reset. Now this taken from a report I found in Consumer Affairs:

Check Point, a cyber security firm, has warned that millions of Android phones are infected with a dangerous malware known as HummingBad.

The company says it discovered the malware in February, warning that it establishes a rootkit on Android phones. The purpose of the malware is to generate fraudulent advertising revenue, but it could potentially have other sinister purposes.

Check Point said it made the discovery when its researchers gained “unprecedented access” to the Chinese cyber criminals who developed it. The group, called Yingmob, works in tandem with a legitimate Chinese advertising analytics company.

Check Point made the discovery when it followed a slender trail of data that led to the Chinese hackers' servers, giving them an inside look at what turned out to be a fairly vast criminal enterprise.

The Chinese group is described as highly organized with 25 employees. These employees are divided into four groups that are responsible for developing HummingBad.

Highly profitable

In a report, Check Point researchers say the scam generates around $300,000 a month, but financial gain is just the tip of the iceberg. When the group is successful in its attack on a phone, it can create a botnet, carry out targeted attacks on businesses or government agencies, and even sell the access to other cybercriminals on the black market.

Data on compromised devices is at risk, including enterprise data if the owner happens to be using the phone for both personal and business purposes. Being able to access this data, the researchers say, creates a steady stream of income.

Emboldened by financial and technological independence, their skillsets will advance – putting end users, enterprises, and government agencies at risk,” the authors warn.

According to technology website CNET, the most effective way to get rid of HummingBad is also pretty extreme: a factory reset.

So backup your files and contacts, write down your favorite apps, and then reset your phone,” the site advises.

The way to avoid becoming infected again is advice you probably have heard before – don't download apps from untrusted sources.”

Click here for more information on our IDShield plan. You need to protect yourself from ALL areas of identity theft, not just credit card. Also, read your contract closely when being offered 'free' monitoring. Or better yet, have your LegalShield provider attorney review as part of your membership.

Check out six short videos to learn more here about LegalShield.

Then you can get more detailed information about all the benefits of LegalShield and IDShield.

Have you ever needed a quick answer to a legal question? With Ask LegalShield, you now have access to over 1,200 commonly asked legal questions and answers right in your pocket, and it's free!

Phil Liso, Contact
(562) 322-7376