The HumminBad malware has infected 85 million victims across the globe and is reportedly generating up to $300,000 a month to the people behind it ( reportedly in China ) thanks to millions of pop-up adverts and app downloads.
HummingBad infects Android devices via two methods: drive-by downloads going onto pages that offer ” free ” things and malicious payloads delivered by websites distributing adult content.
Once the attack is underway, HummingBad attempts to gain root access to the device using a rootkit, which if successful gives attackers full access to the infected phone.
If that attack method fails, Hummingbad will also use a fake system update notification to trick users into giving it access to the entire Android system.
No matter which method of attack is used, a successful installation of HummingBad will see it install as many fraudulent apps on the infected device as possible, which is how the scheme generates revenue.
Researchers suggest that a total of 85 million Android devices across the globe have been infected in this way, with victims in China, India, the Phillipines, and Indonesia accounting for over half of those successfully targeted.
It’s estimated that 10 million victims are unwittingly using malicious apps, which in total deliver over 20 million advertisements a day, resulting in 2.5 million clicks every 24 hours. Engagement with these pop-up ads deliver around $10,000 per day, totalling about $300,000 each month.
So how do you know if you have HummingBad?
Install ” Lookout ” from the Google Play Store , that will tell you if you have it.
If I have HummingBad , what do I do ?
Factory reset your phone is the only way ….. sorry