HummingBad Mucks Up Android’s Works

hummingbad-malware

<

div id=”story-body”>

More than 85 million Android devices worldwide have been taken over by the Yingmob, a group of China-based cybercriminals who created the HummingBad malware, according to a Check Point report released last week.

HummingBad establishes a persistent rootkit on Android devices, generates fraudulent ad revenue, and installs additional fraudulent apps.

If it fails to establish a rootkit, it effectively carpet bombs the target devices with poisoned apps.

HummingBad has been generating revenue of US$300,000 a month, according to Check Point.

graph

The malware runs along with legitimate ad campaigns that Yingmob has produced for its legitimate ad analytics business.

“We’ve long been aware of this evolving family of malware, and we’re constantly improving our systems that detect it,” a Google spokesperson said in a statement provided to TechNewsWorld by company rep Aaron Stein. “We actively block installations of infected apps to keep users and their information safe.”

<

div class=”story-advertisement”>

<

div id=”div-gpt-ad-2396124443331-0″>

<

div id=”google_ads_iframe_/8456/IDG.Ecommercetimes.com_Homepage_0__container__”>c?1:0};var n;a:{var p=b.navigator;if(p){var q=p.userAgent;if(q){n=q;break a}}n=””};var r=-1!=n.indexOf(“Opera”),t=-1!=n.indexOf(“Trident”)||-1!=n.indexOf(“MSIE”),u=-1!=n.indexOf(“Edge”),v=-1!=n.indexOf(“Gecko”)&&!(-1!=n.toLowerCase().indexOf(“webkit”)&&-1==n.indexOf(“Edge”))&&!(-1!=n.indexOf(“Trident”)||-1!=n.indexOf(“MSIE”))&&-1==n.indexOf(“Edge”),w=-1!=n.toLowerCase().indexOf(“webkit”)&&-1==n.indexOf(“Edge”),x=function(){var a=b.document;return a?a.documentMode:void 0},y;a:{var z=””,A=function(){var a=n;if(v)return/rv:([^);]+)()|;)/.exec(a);if(u)return/Edge\/([\d.]+)/.exec(a);if(t)return/\b(?:MSIE|rv): ()|;)/.exec(a);if(w)return/WebKit\/(\S+)/.exec(a);if(r)return/(?:Version)[ \/]?(\S+)/.exec(a)}();A&&(z=A?A[1]:””);if(t){var B=x();if(null!=B&&B>parseFloat(z)){y=String(B);break a}}y=z}var C=y,D={},E=function(a){if(!D[a]){for(var c=0,d=f(String(C)).split(“.”),e=f(String(a)).split(“.”),k=Math.max(d.length,e.length),l=0;0==c&&le)d=a+”&nm=”+d;else var e=e+4,k=a.indexOf(“&”,e),d=0 0) {var c = a.href.substring(0, bi+6); var d = a.href.substring(bi+6, a.href.length);var ei = d.indexOf(“&”);var r = ”;if (ei >= 0)r = d.substring(ei, d.length);a.href = c + t + r; } else {a.href += “&clkt=” + t;}}}(function(){var d=this;var g=String.prototype.trim?function(a){return a.trim()}:function(a){return a.replace(/^[\s\xa0]+|[\s\xa0]+$/g,””)},m=function(a,b){return ab?1:0};var n;a:{var p=d.navigator;if(p){var q=p.userAgent;if(q){n=q;break a}}n=””};var r=-1!=n.indexOf(“Opera”),t=-1!=n.indexOf(“Trident”)||-1!=n.indexOf(“MSIE”),u=-1!=n.indexOf(“Edge”),v=-1!=n.indexOf(“Gecko”)&&!(-1!=n.toLowerCase().indexOf(“webkit”)&&-1==n.indexOf(“Edge”))&&!(-1!=n.indexOf(“Trident”)||-1!=n.indexOf(“MSIE”))&&-1==n.indexOf(“Edge”),w=-1!=n.toLowerCase().indexOf(“webkit”)&&-1==n.indexOf(“Edge”),x=function(){var a=d.document;return a?a.documentMode:void 0},y;a:{var z=””,A=function(){var a=n;if(v)return/rv:([^);]+)()|;)/.exec(a);if(u)return/Edge\/([\d.]+)/.exec(a);if(t)return/\b(?:MSIE|rv): ()|;)/.exec(a);if(w)return/WebKit\/(\S+)/.exec(a);if(r)return/(?:Version)[ \/]?(\S+)/.exec(a)}();A&&(z=A?A[1]:””);if(t){var B=x();if(null!=B&&B>parseFloat(z)){y=String(B);break a}}y=z}var C=y,D={},E=function(a){if(!D[a]){for(var b=0,c=g(String(C)).split(“.”),e=g(String(a)).split(“.”),f=Math.max(c.length,e.length),l=0;0==b&&lc?e=b+f+e:(c+=f.length,f=b.indexOf(“&”,c),e=0b?1:0};var n;a:{var p=d.navigator;if(p){var q=p.userAgent;if(q){n=q;break a}}n=””};var r=-1!=n.indexOf(“Opera”),t=-1!=n.indexOf(“Trident”)||-1!=n.indexOf(“MSIE”),u=-1!=n.indexOf(“Edge”),v=-1!=n.indexOf(“Gecko”)&&!(-1!=n.toLowerCase().indexOf(“webkit”)&&-1==n.indexOf(“Edge”))&&!(-1!=n.indexOf(“Trident”)||-1!=n.indexOf(“MSIE”))&&-1==n.indexOf(“Edge”),w=-1!=n.toLowerCase().indexOf(“webkit”)&&-1==n.indexOf(“Edge”),x=function(){var a=d.document;return a?a.documentMode:void 0},y;a:{var z=””,A=function(){var a=n;if(v)return/rv:([^);]+)()|;)/.exec(a);if(u)return/Edge\/([\d.]+)/.exec(a);if(t)return/\b(?:MSIE|rv): ()|;)/.exec(a);if(w)return/WebKit\/(\S+)/.exec(a);if(r)return/(?:Version)[ \/]?(\S+)/.exec(a)}();A&&(z=A?A[1]:””);if(t){var B=x();if(null!=B&&B>parseFloat(z)){y=String(B);break a}}y=z}var C=y,D={},E=function(a){if(!D[a]){for(var b=0,c=f(String(C)).split(“.”),e=f(String(a)).split(“.”),k=Math.max(c.length,e.length),l=0;0==b&&le)c=b+”&mb=”+c;else{var e=e+4,k=b.indexOf(“&”,e);c=0c?1:0};var m;a:{var n=b.navigator;if(n){var p=n.userAgent;if(p){m=p;break a}}m=””};var q=-1!=m.indexOf(“Opera”),r=-1!=m.indexOf(“Trident”)||-1!=m.indexOf(“MSIE”),t=-1!=m.indexOf(“Edge”),u=-1!=m.indexOf(“Gecko”)&&!(-1!=m.toLowerCase().indexOf(“webkit”)&&-1==m.indexOf(“Edge”))&&!(-1!=m.indexOf(“Trident”)||-1!=m.indexOf(“MSIE”))&&-1==m.indexOf(“Edge”),v=-1!=m.toLowerCase().indexOf(“webkit”)&&-1==m.indexOf(“Edge”),w=function(){var a=b.document;return a?a.documentMode:void 0},x;a:{var y=””,z=function(){var a=m;if(u)return/rv:([^);]+)()|;)/.exec(a);if(t)return/Edge\/([\d.]+)/.exec(a);if(r)return/\b(?:MSIE|rv): ()|;)/.exec(a);if(v)return/WebKit\/(\S+)/.exec(a);if(q)return/(?:Version)[ \/]?(\S+)/.exec(a)}();z&&(y=z?z[1]:””);if(r){var A=w();if(null!=A&&A>parseFloat(y)){x=String(A);break a}}x=y}var B=x,C={},D=function(a){if(!C[a]){for(var c=0,h=e(String(B)).split(“.”),d=e(String(a)).split(“.”),L=Math.max(h.length,d.length),k=0;0==c&&k
</head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0" style="background:transparent" >

<

div id=”google_image_div” style=”height:600px;width:160px;overflow:hidden;position:absolute;”>div,ul,li{margin:0;padding:0;}.abgc{height:15px;position:absolute;right:16px;top:0px;text-rendering:geometricPrecision;width:15px;z-index:9020;}.abgb{height:15px;width:15px;}.abgc img{display:block;}.abgc svg{display:block;}.abgs{display:none;height:100%;}.abgl{text-decoration:none;}.abgi{fill-opacity:1.0;fill:#00aecd;stroke:none;}.abgbg{fill-opacity:1.0;fill:#cdcccc;stroke:none;}.abgtxt{fill:black;font-family:’Arial’;font-size:100px;overflow:visible;stroke:none;}

var abgp={elp:document.getElementById(‘abgcp’),el:document.getElementById(‘abgc’),ael:document.getElementById(‘abgs’),iel:document.getElementById(‘abgb’),hw:15,sw:96,hh:15,sh:15,himg:’https://tpc.googlesyndication.com’+’/pagead/images/abg/icon.png&#8217;,simg:’https://tpc.googlesyndication.com/pagead/images/abg/en.png&#8217;,alt:’Ads by Google’,t:’Ads by’,tw:34,t2:’Google’,t2w:38,tbo:0,att:’adsbygoogle’,ff:”,halign:’right’,fe:false,iba:false,lttp:true,umd:false,uic:false,uit:false,ict:document.getElementById(‘cbb’),icd:undefined,uaal:true,opi: false};https://tpc.googlesyndication.com/pagead/js/r20160630/r20110914/abg.js<style>.cbc{background-image: url(‘https://tpc.googlesyndication.com/pagead/images/x_button_blue2.svg&#8217;);background-position: right top;background-repeat: no-repeat;cursor:pointer;height:15px;right:0;top:0;margin:0;overflow:hidden;padding:0;position:absolute;transform: scaleX(1);width:16px;z-index:9010;}.cbc.cbc-hover {background-image: url(‘https://tpc.googlesyndication.com/pagead/images/x_button_dark.svg&#8217;);}.cbc > .cb-x{height: 15px;position:absolute;width: 16px;right:0;top:0;}.cb-x > .cb-x-svg{background-color: lightgray;position:absolute;}.cbc.cbc-hover > .cb-x > .cb-x-svg{background-color: #58585a;}.cb-x > .cb-x-svg > .cb-x-svg-path{fill : #00aecd;}.cbc.cbc-hover > .cb-x > .cb-x-svg > .cb-x-svg-path{fill : white;}.cb-x > .cb-x-svg > .cb-x-svg-s-path{fill : white;}</style>

<

div id=”cbc” class=”cbc”>

</div> <style>.ddmc{background:#ccc;color:#000;padding:0;position:absolute;z-index:9020;max-width:100%;box-shadow:2px 2px 3px #aaaaaa;}.ddmc.left{margin-right:0;left:0px;}.ddmc.right{margin-left:0;right:0px;}.ddmc.top{bottom:20px;}.ddmc.bottom{top:20px;}.ddmc .tip{border-left:4px solid transparent;border-right:4px solid transparent;height:0;position:absolute;width:0;font-size:0;line-height:0;}.ddmc.bottom .tip{border-bottom:4px solid #ccc;top:-4px;}.ddmc.top .tip{border-top:4px solid #ccc;bottom:-4px;}.ddmc.right .tip{right:3px;}.ddmc.left .tip{left:3px;}.ddmc .dropdown-content{display:block;}.dropdown-content{display:none;border-collapse:collapse;}.dropdown-item{font:12px Arial,sans-serif;cursor:pointer;padding:3px 7px;vertical-align:middle;}.dropdown-item-hover, a.dropdown-item.dropdown-item-hover {background:#58585a;color:#fff;}.dropdown-content > table{border-collapse:collapse;border-spacing:0;}.dropdown-content > table > tbody > tr > td{padding:0;}a.dropdown-item {color: inherit;cursor: inherit;display: block;text-decoration: inherit;}</style>